In the shadowy corners of the tech world, there are many stories of administrators locking organizations out of their own IT environment, greedy employees selling data, or security engineers making a backdoor into the network. The motivations for such acts can range from financial gain to revenge, and the consequences are usually disastrous for all involved.
The recent tech layoffs that have swept various industries have only added to the phenomenon. “Very large organizations only need a poorly screened and treated one [employee] to inflict a lot of damage,” says Frank Price, CTO of CyberGRX, a company that helps organizations manage, monitor and mitigate risk in their partner ecosystems.
Internal sabotage can begin even before workers are fired. The mere rumor that a company is downsizing can create a sense of panic and confusion, which can cause people to react in harmful ways. “There are three things that determine whether or not an employee leaving the organization can become bitter if not handled properly: access, motive and opportunity,” says Tom Van de Wiele, principal threat and technology researcher at WithSecure.
Data shows that employee disengagement can lead to brand damage, reputational damage or financial loss. According to DTEX Systems’ 2023 Insider Risk Research Report, 12% of employees dispose of sensitive intellectual property upon leaving an organization. This often includes customer data, health records, sales agreements and other vital documents. The people most likely to cross the line are those with side gigs or looking for new career opportunities, perhaps at a competitor.
These are all serious concerns for organizations, but luckily, these situations can be prevented. Here are some steps you can take to mitigate negative outcomes during the layoff process.
Show empathy and respect
Layoffs are almost always emotional experiences for employees. “Companies need to realize that all human beings deserve respect and care,” says Armaan Mahbod, director of security and business intelligence for counter-insider threat at DTEX Systems. “Whether the outcome is positive or negative, empathy can go a long way.”
To ensure fairness in such difficult times, organizations should prioritize transparency, openness and integrity in their leadership. According to Price, “pain can be managed much more easily when a high-integrity process is in place, offering affected employees respect and overall reasoning as to why an organization is making the difficult call to downsize.”
Providing real support, such as consulting services or professional coaching, can also help minimize the impact of layoffs and reduce the likelihood of careless or intentional security breaches, says Bob Burke, vice president of security and infrastructure at Beyond Identity.
Also, empathy and respect should be extended to all employees, not just those who are let go. As Van de Wiele says, “Keeping your employees happy by listening and acting is key to making the difference between someone who works for your organization and does their job versus someone who is looking out for your company with their best intentions.”
By prioritizing the well-being of all employees and fostering a culture of empathy and respect, organizations can promote a positive and supportive work environment, even in difficult times.
Collaboration between departments can prevent insider threats
The offboarding process is made much easier if HR departments, financial experts, internal IT, CISOs and other stakeholders work together. CISOs are especially crucial to the equation, as they play a critical role in the organization’s overall security.
“Make sure … key security personnel are in the inner circle of major layoffs and have a plan for all actions,” is Price’s advice to companies. Including CISOs in the conversation can help prevent situations where disgruntled engineers or vendors realize they’re still connected to GitHub or Salesforce and can cause harm. These situations are particularly common as many terminated employees have insider knowledge as well as access to exploitable passwords, software and systems.
“Without proper access controls, malicious privilege escalations will be incredibly difficult to notice,” says Price. “This can be managed well if all the time, resources and protocols are implemented and followed, but in the case of mass layoffs, this process is often more chaotic.”
It helps if organizations prepare and strategize everything in advance, as Mahbod suggests: “Designate a specific committee that is notified of upcoming layoffs as far in advance as possible to prepare for the potential fallout.”
Avoid data and code loss
When an employee leaves a company, abruptly or not, the possibility of data or code loss can significantly affect the organization’s security posture. Although most employees are not considered a cybersecurity risk, a study conducted by DTEX Systems shows that “roughly 50% of people in any organization” save confidential intellectual property from projects they’ve contributed to. They do this in case they leave the company, says Mahbod. What’s even more concerning is that 12% of these employees take data from projects they haven’t even worked on.
Companies should realize that “the real risk comes from their own corporate firewall,” Mahbod adds. “The future of data loss prevention and protection is focused on people, not data.”
Companies should monitor data loss activities and implement policies to limit the unnecessary movement of data in and out of the organization. This could include applying device-level locks on file uploads to personal webmail and file sharing sites, and on USB ports, to prevent successful exfiltration events, especially those that occur around terminations.
This approach could also help address the risk of ‘peer solicitation’. “Malicious and disgruntled employees may look to lean on colleagues who may not be aware of their termination to access additional data,” says Amit Tailor, director of systems engineering for UK Enterprise, Palo Alto Networks.
This applies to both digital access and physical access, he adds. “Former employees will be familiar with office layouts and access methods to physical facilities. In some cases, they will be a familiar face and familiar to front desk and security staff.”
Pay attention to inactive accounts
Hackers often target businesses that have experienced downsizing. “They can try to compromise dormant accounts that haven’t been suspended yet, or intercept hardware that’s in transit back to corporate headquarters,” says Price. “That’s why it’s critical to be diligent about inventorying all devices, properly monitoring and archiving old accounts, and verifying that all access, equipment and other attack surface areas are fully addressed.”
The risk of account and device hijacking can be reduced if organizations can easily revoke access to company assets immediately. Having a single identity system will allow for consistent one-time revocation or deactivation of an account and all corporate resources, says Tailor.
Fully adopting single sign-on (SSO) across all services should be “the top priority,” adds Dimitri Stiliadis, CTO and co-founder of Endor Labs. “Static credentials and privileged access that cannot be revoked through single sign-on mechanisms is probably the highest risk.” Stiliadis also emphasizes that when it comes to software supply chain security, “SSO and proper integration with development services such as supply chain management (SCM) tools and CI/CD pipelines are essential safeguards.”
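The checks described in this section (accounts not yet suspended, dormant accounts, credentials that SSO cannot revoke) amount to reconciling the HR termination list against an inventory of accounts. The following is an added example, not code from the article or from any vendor quoted in it; the usernames, inventory fields, dates and the 90-day dormancy threshold are constructed assumptions.

```python
from datetime import date

DORMANT_DAYS = 90  # assumed threshold; set it from your own policy

# Constructed sample data: HR termination dates and an account inventory
# exported from each service. None of these values come from the article.
TERMINATED = {"a.ng": date(2023, 3, 1), "r.silva": date(2023, 3, 1)}
ACCOUNTS = [
    {"service": "github", "owner": "a.ng", "auth": "sso",
     "enabled": False, "last_used": date(2023, 2, 27)},
    {"service": "github", "owner": "a.ng", "auth": "static_token",
     "enabled": True, "last_used": date(2023, 3, 3)},
    {"service": "salesforce", "owner": "r.silva", "auth": "sso",
     "enabled": True, "last_used": date(2023, 2, 28)},
    {"service": "ci", "owner": "j.okafor", "auth": "static_token",
     "enabled": True, "last_used": date(2022, 9, 10)},
    {"service": "vpn", "owner": "j.okafor", "auth": "sso",
     "enabled": True, "last_used": date(2023, 3, 9)},
]

def audit(accounts, terminated, today, dormant_days=DORMANT_DAYS):
    """Return {(service, owner, auth): [flags]} for enabled accounts needing action."""
    findings = {}
    for acct in accounts:
        if not acct["enabled"]:
            continue  # already suspended, nothing left to revoke
        flags = []
        left_on = terminated.get(acct["owner"])
        if left_on is not None:
            flags.append("owner_terminated")
            # A token or password issued outside SSO survives the SSO disable.
            if acct["auth"] != "sso":
                flags.append("not_revocable_via_sso")
            if acct["last_used"] > left_on:
                flags.append("used_after_termination")
        elif (today - acct["last_used"]).days > dormant_days:
            flags.append("dormant")
        if flags:
            findings[(acct["service"], acct["owner"], acct["auth"])] = flags
    return findings

if __name__ == "__main__":
    for key, flags in audit(ACCOUNTS, TERMINATED, date(2023, 3, 10)).items():
        print(key, flags)
```

The static GitHub token is the case Stiliadis singles out: the owner's SSO account is already disabled, yet the token still works and was used two days after termination.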
Be aware of existing security gaps
In times of stress, everyone, not just laid-off employees, can make mistakes. “Uncertainty and stress can distract people from doing their jobs with normal diligence, introducing security gaps caused by unintentional carelessness,” says Mahbod.
It always helps to know what your organization’s weakest security points are and proactively address them, thinking about possible ways they can become threats. Awareness, education and policy change can help address these risks.
Make business continuity a priority
Security leaders should be involved in all business continuity conversations. Even better, they should lead the conversation. “These business continuity plans should include identification of single points of failure and other pertinent information that needs to be reviewed before layoffs occur,” says Price.
If a person leaves unexpectedly, the lack of decent business continuity processes could result in data loss or loss of system availability, among other problems.
Consider phasing out
Sometimes, taking a phased approach to termination can be beneficial to both the laid-off employees and the organization. HR teams could have more time to help people deal with the situation, while at the same time business continuity could be better preserved. Terminated employees can finish their work, hand off tasks, and pass on key information.
“This also allows the security team more time to review all accesses and revoke them when possible,” says Burke.
But regardless of how smooth the phase-out process is, critical knowledge or experience is always lost. According to Burke, this can be mitigated by cross-training employees where possible as a general practice to create redundancy and reduce isolation, and by asking teams to provide up-to-date documentation and runbooks on processes, to ensure that critical knowledge is easily accessible to everyone who needs it.
Identify and delegate access to information whenever possible
Relying on a single person for any system or business function is not a good idea. “When an employee leaves an organization, there should be a designated person who remains part of the company and has access to all information, systems and data,” says Tailor. “In some cases, it could be more than one person, and access could be divided by sensitivity or function.” Of course, granting access to confidential information to the wrong level of employees could increase potential risks.
Copyright © 2023 IDG Communications, Inc.
Layoffs have always been a daunting task for both employees and employers. Over the past decade, with the rapid advancement of technology, the process has become more complicated. While it’s necessary to make cuts to the workforce to stay competitive, there are several important security implications to consider during tech layoffs.
Undoubtedly, layoffs significantly impact those that go and those that stay. However, the greatest risk comes from potentially exposing confidential data and increasing the risk for cyberattacks. When an employee is let go, an organization puts itself at risk of having data or credentials abused if not properly addressed following the termination.
At Ikaroa, an experienced tech company, we understand the significance of security measures during layoffs. Therefore, we recommend compliant practices that can help reduce cybersecurity risk.
One of the best practices is to begin communicating the restructuring once the layoffs are final. Managers should communicate the terms of the layoffs, inform the remaining employees of any cyber threats or data theft, and explain what practices should be followed moving forward.
Another measure organizations should take is to ensure they disable access to all data associated with terminated employees at the moment of termination. Doing so can help mitigate the risk of confidential information being accessed by the wrong people.
Organizations should also consider continuously monitoring data sources and alerting whenever credentials are associated with malicious activity. It is important to know what data was stolen and the means by which it was stolen, in order to detect any suspicious activity involving that data.
Finally, it is important to store employee data in separate secure databases. This will ensure that, in the case of a breach, a compromise of corporate information held on an employee account or device will not extend to the rest of the corporate infrastructure.
From the moment layoffs are announced, organizations should consider how to protect data from security threats. It is important to take proactive steps to reduce risk, and for that reason, it is essential for organizations to partner with expert IT teams such as Ikaroa that can help develop strategies and solutions to ensure data is secure during tech layoffs.