Top
Home / Cyber Security
Cyber Security, Featured

Top 5 ways layoffs increase cybersecurity risks

By

Layoffs and Cybersecurity risks: The opening months of 2023 brought a concerning start as prominent U.S. corporations like Amazon, Meta, Twitter, and others disclosed staff reductions due to concerns about an impending economic downturn, surging inflation, and increases in interest rates. The present landscape in the field of information technology is marked by increased susceptibility and emerging security risks. When companies swiftly trim their workforce, it can significantly affect their cybersecurity readiness.

In response to the constantly changing landscape of the technology-driven world, organizations have had to make the regrettable choice of downsizing in various sectors. While these choices are frequently indispensable for a company’s financial stability, they also bring about distinct cybersecurity difficulties.

The top five security risks caused by layoffs

During layoffs, organizations become highly exposed to insider threats. Insider threats refer to actions by employees or insiders that can harm a company’s data, operations, and reputation. Every year, these insider threats lead to the loss of essential data, disruptions in work, decreased productivity, and damage to a company’s image.

A report by Cybersecurity Insiders discovered that 66% of organizations consider themselves somewhat to extremely vulnerable to insider threats. Only 2% of the surveyed organizations believe they are not vulnerable to insider attacks. Insider threats encompass more than just stealing money; they can involve stealing sensitive information, sabotaging critical systems, or creating accounts that manipulate transactions or harm a company’s reputation. To safeguard against insider threats, it’s essential to have strong internal controls in place for prevention and detection.

Photo by Annie Spratt on Unsplash
Photo by Annie Spratt on Unsplash

Asynchronous identity data across systems

Mismatched identity data across various systems poses a significant concern in today’s digital infrastructure setup. In this framework, there are multiple systems for managing access, such as user access management, identity management, and privileged access management. When the identity information in these systems falls out of alignment, it can lead to substantial security risks and operational inefficiencies.

For instance, during layoffs, you might deactivate an employee’s account in the Human Capital Management (HCM) system. However, this action may not synchronize properly with other systems, causing issues like the ex-employee losing access to payroll and not receiving their salary. In the past, when business operations were mainly offline, this might not have been a critical issue. But in today’s digital landscape, where everything is interconnected, the timing, order, and coordination of account terminations across systems become crucial. This becomes even more vital during layoffs, as disgruntled employees and the potential for fraudulent activities increase the risks.

Orphaned accounts

Orphaned accounts, those that have no rightful owner or purpose, can lead to significant cybersecurity issues. Most cybersecurity incidents are rooted in the improper use of user identities and access permissions. During the upheaval of a layoff, accounts can be overlooked and left open, still having access privileges even though the user has left the company, rendering the account unnecessary.

These orphaned accounts lack a valid business owner to oversee them. Because they are not actively monitored or managed, it doesn’t take much effort for a malicious actor to locate and exploit these abandoned accounts, gaining unauthorized access to your company’s systems and data.

Untrained employees

Certain responsibilities vanish or get handed over to other employees during a layoff. Introducing a new team member might cause delays in providing essential IT services. Additionally, this newcomer might unintentionally compromise systems and data, leading to security weaknesses. Untrained individuals can disrupt your business by making mistakes, causing operational slowdowns, or even engaging in fraudulent activities.

Increased Segregation of Duties conflict

When a layoff occurs, the employees who stay often have to shoulder extra duties and gain access to additional data and systems to carry out these responsibilities. However, this newfound access may not undergo proper verification to guarantee that it doesn’t conflict with the principle of segregating duties, which helps prevent misuse of access to systems.

Photo by Sigmund on Unsplash
Photo by Sigmund on Unsplash

Ways to prevent cybersecurity threats during a layoff

To effectively manage cybersecurity risks during a layoff, consider the following steps:

Access Control: Implement robust access control measures to ensure only authorized personnel can access sensitive data. Be prompt in revoking access for departing employees.

Proactive Planning: Begin preparations for cybersecurity risks well before layoffs take place. Establish clear protocols for managing data access, retrieving company devices, and communicating with employees during the layoff process.

Threat Detection: Invest in advanced threat detection tools and technologies to effectively identify and mitigate cybersecurity risks. These tools can help you stay ahead of potential threats.

Employee Communication: Maintain transparent and empathetic communication with employees throughout the layoff process. This can help reduce anxiety and minimize the potential for retaliation or malicious actions.

Behaviour Monitoring: Continuously monitor employee behaviour and network activity for signs of unusual or suspicious actions that may indicate insider threats.

Remember that cybersecurity is an ongoing effort and should remain a top priority, even during challenging times like layoffs. Consistent vigilance and proactive measures are essential to safeguard your organization’s data and systems.

Tags: , , ,
0

George Mavridis is a journalist currently conducting his doctoral research at the Department of Journalism and Mass Media at Aristotle University of Thessaloniki (AUTH). He holds a degree from the same department, as well as a Master’s degree in Media and Communication Studies from Malmö University, Sweden, and a second Master’s degree in Digital Humanities from Linnaeus University, Sweden. In 2024, he completed his third Master’s degree in Information and Communication Technologies: Law and Policy at AUTH. Since 2010, he has been professionally involved in journalism and communication, and in recent years, he has also turned to book writing.

RELATED POSTS

Cyber Security, Tech

Calling all technology professionals, CISOs, CEOs, IT Directors, and cybersecurity experts—Zero Trust World (ZTW) is set for February 19-21, 2025, in Orlando, Florida. This is the must-attend, hands-on, three-day learning event that will reshape the future of cybersecurity.  Zero Trust World

Cyber Security, News

Cybersecurity becoming a black hole in more ways than just budget, research shows A majority of senior cybersecurity professionals at the UK’s largest organisations struggle with feelings of helplessness and professional despair, new research by Green Raven Limited indicates. These negative emotions result from practitioners’

Cyber Security

In today’s interconnected digital landscape, cybersecurity remains a critical concern for businesses and organisations worldwide. The UK Government’s Cyber Security Breaches Survey 2024 highlights the alarming prevalence of cyberattacks, with 50% of businesses and 32% of charities reporting at least

4i magazine was founded with the vision of enabling our readers to make sense of the modern world. Our mission is to provide our audience with the most important, cutting-edge tech news and insights. Today's media landscape features too much information and not enough knowledge. Our coverage aims to fix that, by focusing the spotlight on developing trends, up-and-coming talents, and news that's worth your attention.

info@4imag.com
jobs@4imag.com

© Copyright 4i Mag 2022 All Rights Reserved