- Companies are facing a heightened threat of insider risk to their proprietary data amid a growing phenomenon of turnover in the labor market, dubbed The Great Resignation, according to research from cybersecurity provider Code 42.
- The number of data exposure events rose 40% between the second half of 2020 and the first half of 2021, according to telemetry data from Code42. During the second quarter of 2021, the April-June time period, data exposure events jumped 61%, when compared to the January-March quarter.
- Source code was exposed during the second quarter at a rate three times higher than prior quarters, according to telemetry data. Source code accounted for 11% of all data exposure events during Q2, an 83% increase when compared to prior quarters.
Insider risk has been a leading concern for years in terms of the need to protect corporate data. Companies have put protocols in place to protect against the exfiltration of emails, contacts, intellectual property and financial information by existing workers, disgruntled employees, contractors and others who might have privileged access to certain information.
However, Labor Department data shows there were about 4 million resignations during the month of April, marking a new trend in the U.S. Millions of workers are ready to walk away from their current work environments, either for new jobs or in some cases no job at all, and veteran security executives say corporate data most often moves when employees decide to leave.
“We know from working with hundreds of customers and hearing their stories that the number one indicator that someone is going to take data is that they plan to leave the organization,” Joe Payne, CEO of Code42 told Cybersecurity Dive via email.
About two-thirds of corporate data breaches typically involve an employee, Payne said. And about 63% of workers who admit to taking data with them to a new job are repeat offenders, Payne said.
Employees tend to remove data prior to submitting their actual resignations, and data is often exfiltrated 10 days or more before the worker quits. So the data loss is a bit difficult to detect by traditional screening methods, according to Payne.
“Security organizations that begin watching the activity of employees after they resign will miss much of the exfiltration,” Payne said.
The Code42 research shows that USB drives are the most frequently used method of exfiltrating data.
The risk from insiders has been an ongoing concern at companies for many years, and even contributed to recent activity, including the Colonial Pipeline ransomware attack in May.
A dormant VPN account at Colonial Pipeline was used to access IT systems at the company, which provided gasoline and other forms of fuel and heating oil to the southeast and eastern coast of the U.S.