The Great Resignation is upon us and with it comes data loss. The first six months of 2021 saw unprecedented turnover in the US labor market, after a full year of the COVID-19 pandemic. And with every individual that leaves an organization, a ripple begins – affecting both operations and risk. Research from Code42 illustrates a clear trend: data is leaving organizations – and it's leaving fast. The data shows a direct correlation between resignations, departing employees, and data exposure events. Turns out, when people leave, so do source code,
patent applications, and customer lists.
Insider Risk is a security risk that originates within an organization–it is created by employees and jeopardizes the
well-being and competitiveness of an organization, its customers, or partners. Unfortunately, Insider Risk has never been a more urgent problem for companies due to the convergence of three trends: portability of data, hybrid work, and employee workforce shifts, aka the Great Resignation.
This article provides analysis based on anonymized telemetry data from over seven hundred thousand endpoints running Code42 Incydr between January 1 and June 30, 2021. Our analysis identified a multitude of data exposure movement trends that security leaders, business leaders, and boards of directors should take critical notice of as part of their cybersecurity governance, and Insider Risk planning.
There were four major data movement and exposure trends
captured over the first half of 2021.
1. Data Exposure and User Exodus
At large, we observed spikes in data exposure that directly correspond to when people leave jobs. A trend that has been reconfirmed by the recent jobs report from the US Bureau of Labor Statistics. Not only did we see an increase in data exposure events between H2 2020 and H1 2021 (40% half-over-half), there's actually a massive increase quarter-over-quarter within the first half of 2021–a 61% increase to be exact.
The three-month period between April and June 2021 saw 61% more exposure events than the previous quarter and accounts for 86% of all exposure events (across all vectors) experienced by organizations throughout the previous half (July through December 2020). Net-net: data exposure peaked at the same time the US experienced a massive shift in employment.
2. Source Code Loss is Climbing
Digging deeper, the findings reveal that source code exposure specifically increased threefold over preceding quarters.
During Q2 2021, source code accounted for 11% of all data exposure events that Incydr detected. This was an 83% increase when compared to source code exposure detected in both of the previous two quarters. Interestingly, Q2 2021 accounts for 47% of all source code exposed within the past calendar year. Again, confirming the ties between massive job shifts and exposure of valuable, sensitive information.
3. Increase of Removable Media as compared with other vectors
Our data also illustrates that removable media (primarily USB drives) represented the most widely used single exposure vector. For the first time since we began collecting data over 18 months ago, removable media (accounting for 42% of all exposure events) eclipsed cloud sync agents (37%) as the top single exfiltration vector.
4. Google Chrome Top Used Among Web Browsers
Google Chrome accounted for 52% of all application exposure not tied to a cloud sync agent or removable media. Rather than indicating that Google Chrome is particularly problematic, this instead denotes that it retains its dominant market share within professional environments.
Our analysis illustrates that many of these employees will likely take data with them to their next company.
When data falls into the wrong hands, it's devastating to a company's competitive position and jeopardizes the financial, reputational, or operational well-being of a company, its employees, customers, and partners.
To learn more about managing Insider Risk, please visit the Code42 Insider Risk Management Framework page.
Code42 is a sponsor of the second annual Insider Risk Summit taking place virtually on September 14 - 15. Learn more and register to attend at https://www.insiderrisksummit.com/.