Recent Tech Layoffs Sharply Increase Insider Cybersecurity Threat

Video Overview

As Layoffs Abound, HR and IT Teams Must Collaborate to Deter Insider Cyber Threats

Airiam, a managed IT and cybersecurity company with a strong focus on cyber resilience, today revealed an increased risk of insider cybersecurity breaches due to tens of thousands of recent layoffs in the technology sector. As part of Airiam’s ongoing commitment to SMEs’ IT and cybersecurity needs, Airiam provides insight to help professionals better understand key ‘at risk’ areas so they can make sound cyber resilience decisions.

“The human factor is often the weakest link when it comes to cybersecurity, and corporate layoffs can bring out raw emotions, anger, frustration and a desire to lash out,” said Conor Quinlan, CEO of Airiam. “Ensure your organization offers employee awareness and training programs that formalize and enforce cybersecurity best practices.”

According to research from The Ponemon Institute, insider threat incidents have risen 44% over the past two years, with costs per incident up more than a third to $15.38 million. The number only continues to grow due in large part to massive tech company layoffs, which topped 120,000 in 2022.

“With companies large and small having to make the unfortunate decision to lay off employees, there are more and more people facing uncertainty. If they haven’t been included in prior layoffs, they’re wondering if they’re next,” said Art Ocain, Airiam’s CIO. “When they get a call from an attacker who offers them six figures for their credentials so they can hack into the system, it could potentially be an opportunity too tempting to pass up.”

What can companies do to mitigate this risk? Many companies have significant external barriers to prevent security breaches. But there are many things that should be done to reduce the threat of current and ex-employees. Best practices include deactivating devices remotely, changing of system passwords, deletion of accounts, and revoking access to both physical and online spaces. However, even the best cybersecurity efforts are easily thwarted if a disgruntled employee lets an attacker into the system.

“It actually goes beyond technology, and it’s essential for companies to work with HR and to be really diligent about their employee satisfaction awareness,” said Ocain. “Cultural misalignment is a huge risk to corporations. If someone feels proud of their work and secure in their position, it is less likely they would break the law for fast money and ultimately lead to a company being impacted by an insider attack.”

Techniques to Stop Insiders and Ex-Employees

In addition to HR considerations, it is essential to implement steps to help mitigate the risk of insider threat from data exfiltration – unauthorized copying, transfer, or retrieval of data from either a server or an individual’s computer.

• 24/7 System Monitoring: Continuous monitoring protects systems and allows for data breaches to be detected quickly. Watch for downloads to insecure devices, uploads to external services, insecure and unusual cloud behavior, behaviors outside of compliance with security policies and files being changed or redacted.
• Privileged Access Management: By implementing strict controls over who has access to specific data through the use of password-protection, MFA and access permissions, it is easier to keep sensitive data safe and ensure only those who need access can have access to data and systems.
• Email Filtering: Email filtering services check all incoming and outgoing emails for spam, malware, and suspicious links and then organize these messages into respective categories and folders.
• Employee training: Companies are only as strong as their weakest link. In addition to HR training for better job satisfaction, ensure employees are trained on best practices for safe email use. Insist on strong passwords that change regularly, and encourage team members to share any concerns and report suspicious activity.
• Immutable Backups: Even with every security precaution in place, breaches still happen. Having an immutable backup, an unchangeable backup that can’t be modified, deleted, or encrypted, allows your team to get business running again.  Keeping immutable backups of your critical business data ensures hackers can’t irrevocably steal or destroy your data—regardless of ransomware or successful breaches. For example, most businesses follow a 3-2-1 backup rule: 3 copies of the data, 2 different media types used, and 1 copy stored off site.

When HR and IT can work collaboratively, they help reduce the risk of the growing threat from insider attacks.