"Silent Quitting" Poses a Cybersecurity Risk That Calls for a Change in Workplace Culture

Check out the on-demand sessions from the Low-Code/No-Code Summit to learn how to successfully innovate and gain efficiencies by improving and scaling citizen developers. Watch now.

Are your employees mind controlled with respect to their position? According to Gallup, "silent quitters," workers who are on leave and doing the minimum required of their job, make up at least 50% of the U.S. workforce.

Unengaged employees create new security risks for businesses because it only takes small mistakes, like clicking on an attachment in a phishing email or reusing login credentials to allow a hacker to gain access. access the network.

Given that 82% of data breaches last year involved the human element or human error, security managers cannot afford to ignore the risks presented by quiet resignation, especially amid the Great Resignation, where employees expect a better work-life balance.

Silent resignation and internal threats

While quiet quits and under-engaged employees are an insider risk, they are not necessarily a threat. Gartner distinguishes between the two by stating that “not all insider risks become insider threats; however, every insider threat started as an insider risk.

Event

Smart Security Summit

Learn about the essential role of AI and ML in cybersecurity and industry-specific case studies on December 8. Sign up for your free pass today.

Register now

Per Gartner's definition, every employee, contractor, or third-party partner can be considered an insider risk if they have credentials to access company systems and resources because they have the ability to disclose sensitive information and intellectual property.

Therefore, organizations must be prepared to prevent insider risks from becoming threats that lead to the leakage of regulated data. Part of this comes down to identifying employees who have left.

“It is important to be aware of silent quitting, so that a silent quitter does not become a loud leaker. Major indicators of silent quitting include an increasingly withdrawn individual becoming apathetic towards their work said Forrester Principal Analyst Jeff Pollard.

“If these feelings simmer long enough, they turn into anger and resentment, and these emotions are the main dangerous indicators of risky insider activity like data breaches and/or sabotage,” said Pollard.

Unfortunately, employee-facilitated data breaches are exceptionally common. A recent report published by Cyberhaven revealed that nearly one in 10 employees will exfiltrate data over a six-month period. It also found that employees are much more likely to disclose sensitive information in the two weeks before they quit.

CISOs and security teams also cannot afford to ignore this threat, due to the prolonged damage caused by insider incidents, which according to the Ponemon Institute take an average of 85 days to contain and cost businesses $15.4 million per year.

Consider work-life balance

Of course, when it comes to quietly quitting, it's important to remember that it's often difficult to distinguish between employees who are looking for a better work-life balance and those who have checked out and act negligently.

"While the term [quiet stop] is conveniently alliterative and ripe for buzz, underneath it is problematic and...