As Layoffs Loom, Be Cognizant of Increased Insider Risk

Since the very beginnings of the novel coronavirus (COVID-19) pandemic, businesses of all sizes have struggled to adjust to the new occupational normal. IT teams have not been immune to the disruption. Neither have information security teams for that matter. While employment in the IT sector remains much more resilient than other segments of the economy, employment in the IT sector still declined by about 1% last month, even as businesses compete for technical talent and continue digital transformations.

According to an analysis by industry trade group CompTIA, the technology sector’s job losses for April totaled 111,900 positions. “And though the month’s job losses were the highest in the tech industry’s history, the total was well below the numbers of layoffs recorded in other industries, including restaurants, retail, healthcare, government, construction, hotels, education, and automotive,” the group wrote in their statement.

Before the pandemic, research firm IDC estimated that real GDP in the US would hit 2.4%. But that forecast, for the entire year, was reduced to a potential, pessimistic view, of 1.4%. When it comes to IT spending, the research firm is now expecting a low down to 1.3% from its prior forecast of 5.1%.

“Things are moving so quickly that we need to recalibrate our assumptions and expectations constantly, but the pessimistic scenario reflects an IT market in which weaker economic growth translates into weaker business and consumer spending across all technologies over the next few quarters. Things could get worse, but hopefully not,” Stephen Minton, vice president in IDC’s Customer Insights and Analysis group, said in a statement.

When it comes to security positions, and my anecdotal observations, I’ve noticed a few security professional friends and associates announce on Facebook, LinkedIn, and Twitter that they have been released and are looking for new positions.

Additionally, to cope with the survey found that 47% of security respondents said that they had been reassigned to IT tasks, and 30% said security incidents have increased, compared to 17% where resources have not been shifted, and security professionals remain focused on their core responsibilities.

These conditions create a substantial risk. Security teams are now frazzled, and their attention is divided, but there is also an increased risk of nefarious insider activity. Employees who believe they are likely to lose their jobs or are disgruntled, or generally upset at their boss or company leadership are more likely to take action that would be detrimental to data security. As we covered in The high risk of data loss associated with employees when employees leave their employer, about 63% will take data with them.

Then there are the risks from outsiders. According to a recent survey from the trade group (ISC)², the (ISC)² Cybersecurity Pulse Survey, about 23% of organizations said that they had witnessed an increase in cybersecurity incidents since increasing the number of people who work from home. Some respondents said that their incidents rose 100%.

That’s quite a leap in risk. To reduce risks, there are several steps enterprises can take. Much of it is security basics, but in a time of rushed changes, even the basics can be hard to achieve. Not everything is common sense, especially for those organizations laying off security staff, they must do their best to maintain a good culture, be straightforward with their staff about layoffs, and provide decent severance packages. There's not much gained by having several upset security professionals tweeting about how they feel an organization has mistreated them. After all, not only are adversaries watching how security professionals may no longer be working their digital posts, so are future potential employees.

There’s also the technical controls that need to be put into place. These include VPNs for remote workers, good endpoint security, and the ability to monitor and effectively manage alerts triggered by unusual activity with data and systems. Implementing multi-factor authentication, if it's not already been done, is also another good idea. 

This is a turbulent time for organizations, as they try to navigate the economic and the health implications of the novel coronavirus pandemic. And it's all too easy to make mistakes, which is why it's just as important as ever to make sure errors don't include self-inflicted and avoidable, cybersecurity mishaps.