Tech Layoffs Increasing Risk of Insider Cyber Threats
Threat actors may present opportunities too tempting to pass up.
The thousands of recent layoffs in the technology sector has heightened the risk of insider cyber threats.
That’s according to Airiam, a managed IT and cybersecurity company. HP, Oracle, RingCentral, Intel, 8×8, Microsoft and Nextiva are among the rush of companies that have shed workers during the past few months.
Conor Quinlan is Airiam’s CEO.
Airiam’s Conor Quinlan
“The human factor is often the weakest link when it comes to cybersecurity,” he said. “And corporate layoffs can bring out raw emotions, anger, frustration and a desire to lash out. Ensure your organization offers employee awareness and training programs that formalize and enforce cybersecurity best practices.”
Insider Cyber Threats, Associated Costs Increasing
According to research from the Ponemon Institute, insider threat incidents have risen 44% over the past two years. Costs per incident are up more than a third to $15.38 million. The number only continues to grow due in large part to massive tech company layoffs, which topped 120,000 in 2022.
Art Ocain is Airiam’s chief information officer.
Keep up with our telecom-IT layoff tracker to see which companies are cutting jobs and the ensuing channel impact. |
Airiam’s Art Ocain
“With companies large and small having to make the unfortunate decision to lay off employees, there are more and more people facing uncertainty,” he said. “If they haven’t been included in prior layoffs, they’re wondering if they’re next. When they get a call from an attacker who offers them six figures for their credentials so they can hack into the system, it could potentially be an opportunity too tempting to pass up.”
Steps to Reduce Insider Cyber Threats
Many companies have significant external barriers to prevent security breaches, according to Airiam. But there are many things that should be done to reduce insider cyber threats by current and ex-employees.
Best practices include: deactivating devices remotely, changing system passwords, deleting accounts, and revoking access to both physical and online spaces.
However, bad actors can easily thwart even the best cybersecurity efforts if a disgruntled employee lets an attacker into the system.
“It actually goes beyond technology,” Ocain said. “And it’s essential for companies to work with HR and to be really diligent about their employee satisfaction awareness. Cultural misalignment is a huge risk to corporations. If someone feels proud of their work and secure in their position, it is less likely they would break the law for fast money and ultimately lead to a company being impacted by an insider attack.”
Stopping Data Exfiltration
In addition to HR considerations, it is essential to implement steps to help mitigate the risk of insider threat from data exfiltration. That’s the unauthorized copying, transfer or retrieval of data from either a server or an individual’s computer.
Important steps include around-the-clock system monitoring, privileged access management (PAM), email filtering, employee training and immutable backups.
Want to contact the author directly about this story? Have ideas for a follow-up article? Email Edward Gately or connect with him on LinkedIn. |
About the Author
You May Also Like