The ‘Great Resignation’ is a threat to cyber security


Over the last several months, employers have seen a tidal wave of resignations that began in the US and spread worldwide. Here in the UK, this mass exodus from the workforce has triggered alarms for many companies for whom this is not only an HR problem, but also a cybersecurity threat.

About the author

Toby Lewis, Global Head of Threat Analysis at Darktrace.

According to a poll published by Randstad in November, a quarter of UK employees reported that they planned to leave their job in the next few months. The Office of National Statistics figures show that the number of job vacancies from October to December 2021 rose to a new record of 1,247,000, an increase of 462,000 from pre-coronavirus levels, with most industries displaying record numbers of vacancies.

What security threats does the ‘Great Resignation’ present?

Employees resign from their posts for many reasons and in many different circumstances. Some will be disgruntled, while others will be looking to make themselves as attractive to rival employers as possible. Some will bear no ill will to their previous company whatsoever. But all these employees present different types of security risks.

The first and most significant risk is data theft. Employees may steal internal data, sensitive commercial information, or valuable Intellectual Property (IP) to take to a competitor company. Whether deliberate or accidental, these vulnerabilities can significantly impact businesses.

Some employees may seek to advertise themselves to new employers as having clients and contacts they can take with them from their old job without realizing this might constitute data theft. At the other end of the scale, employees with a serious grudge might seek to leak or sell sensitive information or even give ransomware hackers access to their ex-employer’s digital estate in exchange for a share of the ransom payment. This was the case last year in the US when an ex-employee reportedly introduced ransomware into his old company’s system.

The second major risk is accidental exposure. As employees wind down their responsibilities over the course of their notice period, there is a risk that they will be less vigilant when it comes to security due diligence. Employees may unknowingly expose businesses to security risks through remote work and increased use of personal devices and networks.

This kind of carelessness is compounded by hybrid working practices. Endpoints such as laptops and mobile phones have moved further away from traditional, on-premise digital infrastructures and have begun to house even more sensitive data. As a result, CISOs and security professionals have been left grappling with the complexities of protecting their organizations and dynamic workers. A decentralized workforce allows employees to access sensitive internal data more easily and in settings with a less sophisticated security posture. And remote work is not going anywhere: in the US, 58% of workers would reportedly seek alternative employment if they were not able to continue hybrid working in their current role, a trend that is also arising in the UK.

From a data-access perspective, this is a problem for their future employers as well. Employees are more likely to repeat passwords across accounts and become complacent regarding company security policies with continued work-from-home protocols.

What can businesses do to protect themselves during the ‘Great Resignation’?

Businesses need a comprehensive off-boarding plan that they can activate as soon as an employee hands in their notice. Implementing a collaborative process for IT security teams and HR to scale down employee access to sensitive data during their last few weeks is a sure way to reduce the risk posed by job-leavers. This process can be gradual, but it should leave them with access to only the bare minimum of data necessary to do their job and tie up loose ends for their responsibilities.

Companies should adopt a Zero Trust framework by setting personalized benchmarks for ‘standard’ employee data access. Continuously validating users who can gain and keep access to data and applications vastly reduces the risk of ex-employees accessing internal systems after their employment ends. Having a measure of standard access, in other words, knowing what employees should usually need access to so they can successfully do their jobs, also allows earlier detection when unusual behavior does occur.
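One way to turn the ‘standard access’ baseline and the notice-period access reduction described above into a concrete check, as an added example that is not from the original article. The log format, user and resource names, the HR notice feed and the 3x volume threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample access log: (day, user, resource, records_read). Days 1-5 form the baseline.
ACCESS_LOG = [
    (1, "alice", "crm/accounts", 40), (2, "alice", "crm/accounts", 35),
    (3, "alice", "crm/accounts", 45), (4, "alice", "wiki/sales", 5),
    (5, "alice", "crm/accounts", 40),
    (1, "bob", "git/payments", 12), (2, "bob", "git/payments", 9),
    (3, "bob", "wiki/eng", 3), (4, "bob", "git/payments", 15),
    (5, "bob", "git/payments", 10),
    (6, "alice", "crm/accounts", 900),    # bulk read of a resource she normally uses
    (6, "alice", "finance/pricing", 20),  # resource she has never used before
    (6, "bob", "git/payments", 11),       # normal activity
    (7, "bob", "hr/salaries", 2),         # new resource, but bob has not resigned
]
NOTICE_GIVEN = {"alice": 6}  # hypothetical HR feed: user -> day notice was handed in
BASELINE_END = 5             # last day of the baseline window (assumption)
VOLUME_FACTOR = 3            # assumed threshold: flag reads over 3x the baseline peak

def build_baseline(log, end_day):
    """Per-user 'standard access': resources touched and peak daily volume for each."""
    baseline = defaultdict(dict)
    for day, user, resource, count in log:
        if day <= end_day:
            baseline[user][resource] = max(baseline[user].get(resource, 0), count)
    return baseline

def review_leavers(log, baseline, notice):
    """Alerts for users in their notice period who deviate from their own baseline."""
    alerts = []
    for day, user, resource, count in log:
        if user not in notice or day < notice[user]:
            continue  # only leavers, and only from the day notice was given
        usual = baseline.get(user, {})
        if resource not in usual:
            alerts.append((day, user, resource, "outside baseline"))
        elif count > VOLUME_FACTOR * usual[resource]:
            alerts.append((day, user, resource, "volume spike"))
    return alerts

def entitlements_to_keep(baseline, user):
    """Minimum access for the notice period: only resources in the user's baseline."""
    return sorted(baseline.get(user, {}))

if __name__ == "__main__":
    base = build_baseline(ACCESS_LOG, BASELINE_END)
    print(review_leavers(ACCESS_LOG, base, NOTICE_GIVEN))
    print(entitlements_to_keep(base, "alice"))
```

The same baseline serves both purposes: it defines what the leaver keeps access to, and it is the reference against which notice-period activity is judged.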

Finally, every internet-connected company should have digital infrastructure monitoring capabilities at the center of its security defenses. This is the case whether a business has complex Operational Technology or a distributed workforce.

In the context of remote working and increased resignations, businesses need to understand their shifting vulnerabilities. Digital infrastructure monitoring can augment security teams’ ability to detect systems disruption so organizations can find and stop cyber-attacks and insider threats faster, limiting the possibility for an ex-employee to become a security risk. While detection alone is not enough to stop insider threats, and businesses will eventually have to find solutions that can stop malicious activity in real time at the moment of detection, having visibility over various endpoint devices is the essential first step.

