A Tessian survey released Tuesday found that 71% of IT decision makers in the United States and United Kingdom said the Great Resignation has increased security risks at their companies.
Some 45% of respondents say incidents of data exfiltration have increased in the last year as people took data when they left their jobs, often to find better work-life balance or pursue another career.
The survey found that one in three (29%) of U.S. and U.K. employees admitted to having taken data with them when they resigned. The numbers were much higher in the United States, as 40% of American employees say they had taken data with them with they left their old jobs.
Kevin Dunne, president at Pathlock, said the increasing number of employees resigning means more risk exposure, both leading up to departure and even after the fact. Dunne said studies have shown that approximately 70% of employees can still access some level of company resources in the days, weeks, and months after their termination, often because there’s not a solid process in place for deprovisioning unnecessary user access when employees leave an organization.
“The turnover of cybersecurity employees increases the risk associated with the Great Resignation,” Dunne said. “As more employees are leaving companies with a broader level of access, the number of tasks related to deprovisioning user accounts is dramatically increasing. With a smaller number of cybersecurity professionals in place, the backlog of deprovisioning tasks is growing and means a longer delay between an employee's end of service and the removal of their access rights. The longer the ‘hangover’ period, the greater risk exposure the company has. The only solution to this problem in the short-term will be to apply automation wherever possible to expedite and fool-proof the deprovisioning process for departing employees.”
Timur Kovalev, chief technology officer at Untangle, said the very nature of employees walking out indicates they aren’t happy with the employer, pay, work or colleagues. Kovalev said disgruntled employees might seek revenge on the company that they perceived to have wronged them, or an undervalued worker might feel a sense of entitlement and sabotage the company.
“To protect networks from disgruntled employees, businesses should always follow strict onboarding and offboarding as employees join and leave a company to ensure access is only given if needed and revoked immediately as employees leave,” Kovalev said. “In addition, network segmentation, access to only the information needed to do the job, should also be standard practice to address potential insider threats.”
Ron Bradley, vice president at Shared Assessments, said with the Great Resignation still in full swing, cybersecurity teams face increasing challenges to protect company data. Now more than ever, Bradley said having automated tools to assist in combating insider security threats has become increasingly important.
“The sad reality is this situation is going to get worse before it gets better,” Bradley said. “Companies must be diligent around identifying their ‘crown jewels’ and layering the appropriate amount of security controls around them.”