The Great Resignation has created more security challenges for cybersecurity teams. 


While employees are quitting their jobs in huge waves following the COVID-19 pandemic for better positions, better pay or work/life balance, or to explore different fields, security leaders are under pressure to not only retain and hire new employees, but also to mitigate the risks of data exfiltration. 


According to Tessian, one in three (29%) U.K. and U.S. employees admitted to having taken data with them when they quit. The figures were much higher in the U.S., with two-fifths of U.S. employees (40%) saying they’d taken data with them when they left their job.


When they leave, employees in marketing were the most likely to data with them, with a staggering 63% of respondents in this department admitting to doing so. Employees in HR (37%) and IT (37%) followed. Interestingly, rates of data exfiltration are much lower in highly regulated functions like accounting and finance, operations and legal. With employees in these departments having to comply with strict data regulations daily, the findings suggest that this impacts their data sharing behaviors and the security cultures. Just 16% of workers in operations and 22% in accounting and finance say they have taken data with them when they’ve left a job.


The pressure is on to protect organizations from data exfiltration and insider risk. Here are three ways security leaders can counteract the risks brought on by the Great Resignation:


  1. While most insider security threats are historically caused by human error, security leaders could see a higher volume of malicious insider abuse in the months ahead due to disgruntled employees, says Jasmine Henry, Field Security Director at JupiterOne. “Disgruntled employees may be motivated by revenge or personal financial gain to commit IT sabotage, data theft, or insider fraud,” Henry says. To offset this risk, Henry suggests that security teams should monitor for behavioral patterns most associated with insider abuse, including unusual login patterns, unauthorized application use, or excessive data downloads.
  2. The organization’s network will increasingly become vulnerable due to disgruntled employees. Timur Kovalev, chief technology officer at Untangle, says enterprises should “always follow strict onboarding and offboarding as employees join and leave a company to ensure access is only given if needed and revoked immediately as employees leave.” In addition, network segmentation, access to only the information needed to do the job, should also be standard practice to address potential insider threats, Kovalev says.
  3. With a smaller number of cybersecurity professionals in place, the risk of forgetting to remove some of the access of a departing employee increases dramatically, particularly as the number of resources employees have access to increases. Kevin Dunne, President at Pathlock, says, “The longer the “hangover” period, the greater risk exposure the company has. The only solution to this problem in the short term will be to apply automation wherever possible to expedite and fool-proof the deprovisioning process for departing employees.” 


Lastly, to build stronger security cultures that reduce insider risk, security leaders should define and communicate the company’s expectations around data sharing and data handling in the organization and train employees on safe cybersecurity practices.