Quiet Quitting: High Time to Shift Existing Workplace Culture


According to a Gallup finding, “quiet quitters,” the employees who are detached from their jobs and do only the minimum work their roles require, make up at least 50% of the U.S. workforce.

Unengaged employees increase security risk for businesses, since it takes only a minor error, such as clicking on an attachment in a phishing email or reusing the same login credentials, to give an attacker access to the network.

Given that at least 82% of the data breaches in 2021 involved human error, security experts cannot ignore the risks of quiet quitting, especially in this era of the Great Resignation, in which employees are looking for a better work-life balance.

Quiet Quitting and Insider Threats

Although under-engaged, quiet-quitting employees pose a potential insider risk, they are not always a threat. On this point, Gartner asserts that “not every insider risk becomes an insider threat, however, every insider threat started as an insider risk.”

Given the risks, organizations must be prepared to keep insider risks from turning into threats that could disclose regulated data.

“It’s important to be aware of quiet quitting, so a quiet quitter doesn’t become a loud leaker. Leading indicators for quiet quitting include an individual becoming more withdrawn, becoming apathetic towards their work,” says Jeff Pollard, Forrester VP Principal Analyst. “If those feelings simmer long enough, they turn into anger and resentment, and those emotions are the dangerous leading indicators of insider risk activity like data leaks and/or sabotage.”

Unfortunately, data leaks caused by employees are exceptionally common. According to a recent Cyberhaven survey, during the course of six months, almost one in ten employees will exfiltrate data. Additionally, it was discovered that employees are considerably more inclined to divulge sensitive information in the two weeks before their resignation. 

Employees Consider Their Work-Life Balance

When discussing quiet quitting, it is important to keep in mind that it can be challenging to distinguish between workers who are seeking a better work-life balance and those who have checked out and are acting negligently.

“While the term [quiet quitting] is conveniently alliterative and ripe for buzzworthiness, underneath it’s problematic and requires further definition. Are employees who are content with their current position and maintaining reasonable work-life boundaries quitting? […] A large portion of “quiet quitters” may actually be some of our safest and most reliable employees, so let’s redefine “quiet quitters” as only those who are willfully disengaged and apathetic but staying just above the thresholds that would potentially lead to their dismissal,” says Josh Yavor, Tessian CISO.

When considering how to mitigate threats caused by disengaged and apathetic employees, one must be careful before placing blame on anyone. The underlying cause may well be an unhealthy working environment: employees could be burdened with unattainable expectations or deadlines, or even subjected to workplace harassment and bullying.

Quiet quitting, in this sense, necessitates a company-wide effort to support employee wellness and work-life balance; it is not merely a problem for security teams to address.

Mitigating Insider Risks

To reduce insider risk, companies must take into account the sentiments of their staff.

(ISC)2 CISO Jon France says, “While quiet quitting is a relatively new term, it describes an age-old problem — workforce disengagement […] The difference this time around is that in a remote work environment, the signs may be a little harder to spot. To prevent employees from quiet quitting, it is important for CISOs and security leaders to ensure and promote connection and team culture.”

In a remote and hybrid working culture, merely acknowledging employees' work-life balance is not sufficient. Organizations must also support their employees, ensuring they are not at risk of work stress or burnout, and should take into consideration how employees describe working at the organization.

Addressing Human Risks

While it is important to look after employee engagement, one must also mitigate human risks in an organization in order to avoid potential data leaks.

One of the easier ways to reduce the risk of data leaks is to ensure that employees have access only to the data and resources they require to perform their roles. This also limits exposure of organization-specific data.

Another solution is for the organization to offer employees security awareness training that teaches security-conscious behaviors and how to detect phishing attacks or scams. This helps reduce the chance of credential access and account theft attempts by threat actors succeeding.

This way, individuals can help the organization maintain its security, detect and manage a variety of human risks, and kickstart cultural change.