Researchers at Binghamton University are looking into a possible link between mass layoffs and data breaches. They suggest that employees laid off in big numbers may feel stressed and insecure, making them more likely to take risky actions that could harm a company’s data security.
The study explores how laid-off employees might act out of revenge, trying to “punish” the company by hacking it. The researchers point out that if companies delay cutting off access to these employees, they could exploit their knowledge of the company’s security systems.
Corporate responsibility
To prevent such risks, the researchers propose that companies should focus on corporate social responsibility, especially around ethical behavior and data security during layoffs. This could help reduce the chance of data breaches caused by former employees.
The IBM Cost of a Data Breach report in 2023 highlighted the financial impact of data breaches, with the average cost being $4.5 million, a 15% increase over the past three years. This shows the importance of preventing such incidents.
Sumantra Sarkar, an associate professor involved in the research, explains that the ability to hire and fire large numbers of people quickly in today’s tech-driven world is new. This makes companies more vulnerable to security issues from disgruntled employees or insiders who know the company’s systems well.
Keep in house
The researchers also caution against outsourcing IT and cybersecurity tasks as a way to save money during layoffs, as this can leave companies more exposed to attacks, including from politically motivated hackers.
Overall, the study suggests that companies should be more proactive in managing how they are perceived by the public and in understanding the risks posed by layoffs. The human factor, including the actions of insiders, is often the weakest link in cybersecurity.
“When people hear about layoffs, it’s going to be viewed as something bad that can happen to them or anyone else in society. So, if you’re in tune with how people consume information, you want to do whatever you can to build a good picture in the public’s mind to minimize negative consequences,” the researchers conclude. “We’re looking at not only the probability of something like data breaches resulting from mass layoffs happening but the severity if something like that actually does happen.”
