Is the Great Resignation a cyber-threat?
By David Masson
By David Masson
COVID-19 has permanently changed the working landscape over the last two years. With increased unemployment and a radical shift to remote and hybrid work, the pandemic forced organizations and employees to re-evaluate standard labour practices.
The recent flood of workforce exits, hailed as the “Great Resignation,” is another example of changing work and personal priorities as the pandemic continues. This “Great Resignation” has only recently arrived in Canada, and while not as drastic as the nearly 4.5 million Americans who left their jobs in November, provinces and territories are also starting to experience labour churn.
Over the next six months, 28 per cent of Canadian workers intend to look for a new job, a substantial increase compared to the 21 per cent reported in the summer of 2021. More alarmingly, 19 per cent of professionals said they would leave their current positions without another opportunity planned — departing the workforce entirely. As this turnover occurs, Canadian businesses should be concerned with not only filling vacancies but also managing the associated security risks.
How is the “Great Resignation” a cyber issue?
While many Canadians will seek job transitions for shifting passions, higher salaries, or a desire to work remotely, a much smaller percentage will leave their current posts with malicious intentions. These employees may seek payback against their employers by stealing sensitive data, confidential information, or intellectual property (IP) before offboarding. Employees may leverage this data theft to seek employment at a competitor or for personal financial gain.
Many employers are already aware of the risks posed intentionally and prioritize employee well-being to foster a positive offboarding experience. Much fewer think of the accidental or inadvertent cyber-threats caused by resigning employees. Employees may be too distracted by transitioning responsibilities and finalizing projects to regard and report security concerns during their notice periods adequately.
The shift to remote and hybrid work across industries has led to the disappearance of the cyber perimeter. Whereas organizations once localized critical data and corporate information in on-site data centres, data now must be accessible to employees anywhere, anytime. With nearly 60 per cent of Canadian professionals wanting to work in fully-remote positions, workers may continue to pose a risk even after offboarding. Mandated lockdowns may prevent employees from returning connected devices that can access sensitive data. As a result, employees may unwittingly retain access to a business’ VPN, corporate calendars, or even sensitive passwords that could be compromised through their home networks.
How can businesses protect themselves?
Canadian businesses must build security into their HR and IT offboarding processes. Internal security teams must be alerted to employee resignations as soon as possible, flagging employees and their devices for follow-up, and limiting access to sensitive data during their notice period. These organizations should also adopt a Zero Trust methodology, restricting employee data access only to what is necessary to fulfill their job responsibilities.
Organizations must ensure their security posture allows complete visibility over all endpoints and internet-connected devices as hybrid work continues. Endpoints have moved beyond traditional infrastructure and house much more sensitive data than pre-pandemic.
Companies must employ endpoint security tools to understand and support legitimate, normal employee behaviours. These tools must detect and respond to anomalous activity, including initial file downloads and data uploads or command and control attempts at lateral movement within corporate networks. Catching threats in real-time is crucial to prevent significant business disruption, especially during the notice period and immediately after an employee’s departure.
The “Great Resignation” is only just beginning in Canada, and businesses must prioritize cyber best practices and adopt defences now to stay ahead of this new wave of security concerns.
David Masson is Director of Enterprise Security at Darktrace.