The Great Resignation

Uploaded on 2022-12-16 in NEWS-News Analysis, JOBS-Careers, FREE TO VIEW

According to Fortune Magazine, 40% of U.S. employees are considering an exit from their current place of business. This trend, which has been termed “The Great Resignation,” creates instability within organizations. High employee turnover increases security risks, making companies more vulnerable to attacks as human infrastructure becomes fragmented, leaving gaps that very often expose an organization.

This problem is compounded by the “Quiet Resignation” or quiet quitting - a trend of employees who feel overworked because of additional responsibilities placed on their shoulders, due in large to today’s employee shortage.

This trend has employees choosing to not go above and beyond in their jobs, such as not checking email in off-hours, passing on assignments outside of their normal duties, and limiting their compliance with security rules and practices.

Because of this employee exodus, the influx of untrained employees, and general malaise, the deployment of a successful security awareness program can be more challenging than ever for security teams.

With new employees entering the organization at every level, the extent of cultural dissonance increases, creating instability. Security professionals need to act quickly in response to security concerns caused by this instability to protect their organizations during these volatile times.  

Issues that commonly arise as employees transition out and enter the organization include the following: 

  • Potential data leaks:   When employees leave, there's a high risk of sensitive data leaks. Poor off-boarding processes and lurking emails may lead to data loss.
  •  Need for educational leveling:   When new employees join the organization, even if security training is well conducted, they are usually not on par with their peers. Unknown security habits may put the organization at risk, requiring the need for supplemental training.
  • Security oversight by employees:   With fewer staff, employees are overburdened and pressured. Security may be "forgotten" or neglected in the process.
  • Lack of support for remote work:  To support rapid employee recruitment, working at home is a must. Remote work flexibility helps to attract and retain new employees. 
  • Training mobility:   Remote work requires securing remote devices and dealing with new employee behavior for inherent distractions - on the go and at home.

With these challenges confronting organizations, security teams should consider deploying the following strategies:

1.    Continuous Training:   All employees are needed to protect against sophisticated phishing threats and this has become even more complicated in light of The Great Resignation. Because of the fractured and less-trained employee base, companies are at much greater risk. To mitigate that risk, training needs to be frequent - at least once a month and short – to not add additional burden to already burned-out employees. The training must also be positive so employees are motivated to get actively involved in the cybersecurity effort. 

2.    Prioritize New Employees:   Security depends on employee help and cooperation. Therefore, it is important to establish best practices in the workplace. New employees with unknown cybersecurity habits pose a high risk for the organization and need to level up their awareness fast. Start with low difficulty, create a foundation, then continually promote learning to the next level. 

3.    Implement data-driven Training:  For a cyber awareness training program to be successful, security teams must plan, operate, evaluate and adapt the training continuously. With data-driven platforms, security teams can monitor campaign performance to fine-tune employee defenses and build custom high-intensity training campaigns for high-risk groups, while also adapting the training per employee locale - to optimize learning results.     

4.    Maintain Vigilance:   Security itself is a full-time job. Keeping the training unpredictable to maintain employee vigilance is an essential part of the process, such as surprising simulation campaigns in a continuous cycle with the idea of catching employees off-guard – which deliver the best learning experience. To create high engagement, ensure training content is relevant to daily actions. Use short, frequent, and intriguing content in the employees’ own language. Tailor the training content to local references and current news.

5.    Promote long-term results:  Take advantage of the 'golden moment’ of failure to generate a meaningful learning experience. Instead of random enforcement training which can often be irrelevant to employees, make a lasting impression right when mistakes happen. Ensuring that training uses this limited window of time is also known as ‘just-in-time learning and is the key to the most effective results and behavior change. 

Comprehensive integration of the latest security know-how into everyday work is a must to counter the new risks of The Great Resignation and related workforce trends, making it more important than ever for every employee to get up to speed for high cyber resilience quickly.

Until the current state of affairs shifts in a direction more favorable to a stable and secure environment, IT professionals must be proactive in their security awareness training approach.                 

Omer Taran is the Co-Founder and CTO of CybeReady

You Might Also Read:

Cyber Training And The Skills Shortage:

 

« Under A Watchful Eye - Unified Observability
Britain's Cyber Security Laws Get Updated »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

StoneFly

StoneFly

StoneFly offers High Availability, high performance cluster and scale out storage, and backup and disaster recovery appliances.

Stott & May

Stott & May

Stott & May is a specialist cyber security recruitment agency.

AdNovum Informatik

AdNovum Informatik

AdNovum Informatik provides a full set of IT services, ranging from consulting, the conception and implementation of customized business and security solutions to maintenance and support.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

NETAS

NETAS

Netas offers solutions in information and communication technologies including end-to-end value added solutions, system integration and technology services to providers and corporations.

Swiss Accreditation Service (SAS)

Swiss Accreditation Service (SAS)

SAS is the national accreditation body for Switzerland. The directory of members provides details of organisations offering certification services for ISO 27001.

Macomb-OU Incubator

Macomb-OU Incubator

Macomb-Oakland University Incubator supports startup and emerging companies in the niche industries of defense, homeland security, advanced manufacturing and technology.

THEC-Incubator

THEC-Incubator

THEC-Incubator program is designed for international and ambitious tech startups in the Netherlands. Areas of focus include Blockchain and Cyber Security.

Clario Tech

Clario Tech

Clario is a simple, comprehensive, personalized protection app. It comes with a full suite of intelligent security software and intelligent people to help you live a better, safer digital life.

OwnZap Infosec

OwnZap Infosec

OwnZap Infosec aims to digitally shield the cyberspace by offering services like Penetration Testing and Red Teaming, Infrastructure Security Testing, and Vulnerability Assessments.

Xopero Software

Xopero Software

Xopero Software develops a comprehensive range of professional tools for protecting and restoring critical business data.

Cyber Bytes Foundation

Cyber Bytes Foundation

Cyber Bytes Foundation exists to establish and sustain a unique Cyber Ecosystem to accelerate the development of a strong Cyber workforce and support community outreach programs.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

N2K Networks

N2K Networks

N2K Networks is the world’s first “news to knowledge” network. The news to knowledge network is how you stay at the cutting edge in a rapidly changing world.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

OneStep Group

OneStep Group

OneStep Group are a leading Australian provider of information and communications technology (ICT) services, connecting businesses through technology solutions and support.