After the Great Resignation: How to mitigate Insider Threats 

It’s been two years since the start of the Great Resignation of 2021. But the trend didn’t stop that year: About 50.5 million people quit their jobs in 2022, superseding the Great Resignation statistics of 2021.

The most immediate impact of the Great Resignation was the pressure on employers to attract and retain talent. But that’s just the tip of the iceberg. A broader, long-term issue has been brewing underneath the surface — data security issues caused by insider threats.

What is an Insider Threat?

An insider has permission to access an organization’s data, files, networks, systems, equipment, and resources. They may include employees, former employees, contractors, business associates, etc.

An insider threat is a perceived danger that an insider may use their credentials to access an organization’s knowledge and resources, maliciously or unintentionally, and cause harm to the company.

Here are some examples:

  • An employee sabotages the company system and lets malicious third parties enter the network.
  • An employee downloads customer records before leaving their job and sells the data on the dark web.
  • A departing employee uses their former employer’s sensitive data or proprietary information in their new job.

How the Great Resignation has exacerbated Insider Threats

Insider threats in cybersecurity aren’t new, but the pandemic and the Great Resignation created the perfect storm that made them a major issue for many organizations:

  • The pandemic accelerated the work-from-anywhere trend, leading to the increased use of personal devices to access company networks and other challenges in managing data security.
  • As companies scramble to retain talent and get work done, they may become less vigilant in how employees perform their duties (e.g. allowing their staff to use unapproved personal devices and apps.)
  • The Great Resignation resulted in a shortage of IT personnel, making it even more challenging to track all company data, monitor employee activities, and implement proper insider threat detection.
  • As employees leave their jobs in droves, already-stretched-thin IT departments lack the processes and resources to perform proper offboarding to revoke access privileges from all devices.

In fact, 71% of organizations admit they don’t know how much sensitive data departing employees take with them when they leave their jobs.

How to prevent Insider Threats caused by the Great Resignation

To mitigate insider threats caused by rapid employee turnover, companies must cultivate insider threat awareness among their IT staff. They should look out for these insider threat indicators:

  • Unusual data movements within the network, such as spikes in downloads.
  • Frequent requests from an employee to escalate access privileges.
  • Employees who use unsanctioned software and hardware to handle company data (also called shadow IT).
  • Frequent access to data not pertinent to an employee’s job functions.
  • Renamed files with extensions that don’t match the content, which may be an attempt to mask data exfiltration.
  • Activities from accounts of employees who have left their jobs.

Companies should implement a zero-trust architecture to make all data available on a need-to-know basis. Also, limit the number of users who can access sensitive data as part of the insider threat management effort.

Most importantly, organizations must enforce a stringent and comprehensive offboarding process to address the impacts of the “turnover tsunami” by reducing the risk of insider threats and data breaches when people leave the company.

How to reduce Insider Threats with an airtight offboarding process

Here are the essential steps to ensure the effective offboarding of departing employees:

  • Implement a mobile device management (MDM) application to monitor all employee devices connected to your network.
  • Retain or restore a departing employee’s files by downloading them from all devices that can access company data.
  • Deactivate the employee’s accounts in all applications and sign them out of all devices and online sessions.
  • Deny the user’s access to all company networks and cloud-based services.
  • Revoke their access to shared accounts — a password management tool can help streamline the process.
  • Collect all company-issued devices such as computers, smartphones, tablets, external hard drives, access badges, etc.
  • Work with the legal department to monitor and enforce terms and conditions of employment, including confidentiality agreements.
  • Notify partners and customers about the employee’s departure so they can revoke access and look out for suspicious activities.

How MSPs can help their clients mitigate Insider Threats

Many organizations still face IT resource constraints and challenges in implementing security measures for insider threat protection. Now more than ever, more companies rely on their MSPs to cover all the bases and safeguard their networks and data.

Educating your clients on these threats and helping them implement the right insider threat program can help you open many revenue opportunities. But adding these security services to your offering can be challenging — especially since many providers also struggle with talent shortages caused by the Great Resignation.

Also, watch out for insider threats within your company by implementing the precautions to prevent threat actors from exploiting your employees’ access privileges to breach your clients’ data and networks.

The good news is that you can tap into these immediate revenue streams while protecting your own infrastructure without building an in-house Security Operations Center (SOC) from scratch, which is a time-consuming and costly endeavor.

inSOC provides a range of  SOC as a Service (SOCaaS) packages to help MSPs and MSSPs expand their cybersecurity programs. Our SOC team will help you conduct risk assessments (also a great way to educate clients about their security postures), implement offboarding processes with robust security protocols, and monitor customer networks to identify suspicious activities.

Additionally, our MSP Protect package safeguards your network from internal and external threats to lower the risks of supply chain attacks while allowing you to focus on delivering top-notch services to your customers.

Get in touch to see how we can help you support your customers to mitigate insider threats by addressing the many moving parts, implementing ongoing monitoring, and providing vulnerability management to catch suspicious activities before they become security issues.

You may also be interested in..