Check out all the Intelligent Security Summit on-demand sessions here..
The U.S. workforce is less productive than it was a year ago, with just one-third of respondents saying they are more committed to their jobs. Much has been written about the potential negative impact that ‘quiet smoking cessation’ can have on your economy and business performance, but there is another big overlooked impact. Increased cybersecurity risk.
Employees who “quietly quit” their jobs are more likely to burn out or be checked out, making them more prone to making mistakes that can jeopardize cybersecurity. Human error is the number one cause of breaches, and research shows that employees are more likely to make these mistakes when they’re distracted or tired.
It may seem like a small thing, but a mistake like emailing the wrong person or falling for a phishing scam can have serious consequences. Nearly a third of businesses are losing customers because emails are sent to the wrong people, and just last month, UK Home Secretary Suera Braverman said after making an email mistake that jeopardized confidentiality. I resigned. Meanwhile, Uber’s most recent headline-grabbing breach began with a simple phishing scam. This exposes organizations to significant risk of cybersecurity incidents.
Business leaders must understand the impact of a quiet exit on insider risk (whether malicious or not) and take steps to prevent it from turning into a costly data breach.
Intelligent Security Summit On Demand
Learn the critical role of AI and ML in cybersecurity and industry-specific case studies. Check out today’s on-demand session.
The perfect storm of stress and quiet quit smoking
By some estimates, so-called “quiet smokers” make up half of the U.S. workforce. These employees are often absent from work because their needs are not being met, and are described as doing the bare minimum necessary for their role.
This separation from work can be caused by factors such as back-to-work orders and other resentments, but the effects of stress and burnout cannot be ignored. People say they feel stressed at work at least every week, and 1 in 7 say they feel stressed at work every day. High employee stress levels, coupled with job disconnection, can pose significant security risks to an organization.
In a report by Tessian, which studies the link between psychological factors and falling for phishing scams, 52% of employees say they make more mistakes when stressed. This is why cybercriminals use stress and fear in their scams. They send phishing emails during the day when people’s guards may be down. They send out urgent, time-sensitive requests that appear to come from the CEO. They take advantage of stressful situations like job search, student loan forgiveness, tax season to trick people.
With employee burnout combined with sophisticated cyberthreats, it doesn’t matter if an employee clicks on a malicious link or falls for a phishing scam, it matters when. Nearly 60% of his organization experienced data loss in the last year due to employee email mistakes. Organizations must prepare for this insider risk.
Quitting quietly is not an option for CISOs
Given this increased risk of vulnerabilities, security teams are more important than ever in protecting their organizations. Unfortunately, these teams face ever-higher levels of burnout and pressure as cyberattacks become more sophisticated. Tessian’s report found that CISOs are working more overtime than in years past. 18% of her CISOs said he works an extra 25 hours a week. That’s double his overtime in 2021.
Security leaders also struggle to disconnect from work. Three-quarters report being unable to quit their jobs all the time, and 16% say they can rarely or never switch off. CISOs can’t afford to quietly quit. The average cost of a data breach has hit a record high of $4.35 million, and cybersecurity risks are higher than ever. Stress and distractions take their toll. Not only are weary employees more likely to make mistakes, but overworked security professionals are less likely to notice signs of compromise.
To defend against today’s threats, organizations must strengthen their enterprise-wide cybersecurity culture.
Involve all employees in cybersecurity
Nearly all IT and security leaders surveyed by Tessian (99%) agree that a strong cybersecurity culture is critical to maintaining a strong security posture. Unfortunately, the tendency to quit quietly can take employees away from cybersecurity and day-to-day business. One in three of her employees says she doesn’t understand the importance of cybersecurity in the workplace. 1 in 4 said they were not interested in cybersecurity enough to report an incident.
To combat this, organizations must involve their employees as part of the solution. A strong cybersecurity culture is one in which all employees, not just the security team, play an active role in protecting the organization. Everyone should be responsible for flagging suspicious activity, alerting security teams to potential breaches, and avoiding cybersecurity mistakes. This makes it important to implement a simple and accessible incident reporting system, such as email aliases and phone numbers that employees can contact.
It’s also important to train your employees on the latest advanced threats and how they can be targeted using real-world examples. One-size-fits-all training is not enough to combat today’s sophisticated and personalized attacks. Cybersecurity training should be tailored to individual factors such as individual roles, geographic locations, and types of data handled.
By taking these steps, organizations can counteract the impact of a quiet exit on cybersecurity and take the pressure off overworked security teams.
Tim Sadler is CEO of Tessian..
data decision maker
Welcome to the VentureBeat Community!
DataDecisionMakers is a place for data professionals, including technologists, to share data-related insights and innovations.
Join DataDecisionMakers for cutting-edge ideas, updates, best practices, and the future of data and data technology.
You might consider contributing your own article!
Read more about DataDecisionMakers