Mass layoffs and data breaches have seemed to dominate headlines in recent months. Now a startling new study suggests these two trends may be more closely linked than we ever imagined. Researchers from Binghamton University, in collaboration with international partners, have uncovered a potential cybersecurity time bomb lurking within corporate downsizing decisions. Their findings paint a sobering picture: companies that announce layoffs may be inadvertently increasing their risk of falling victim to devastating cyberattacks.
The study, presented at the Pacific Asia Conference on Information Systems in Vietnam, comes at a critical time. In the first quarter of 2023 alone, over 136,000 employees in the United States were let go in a wave of layoffs. Tech giants like Amazon, Google, and IBM weren’t spared, leaving thousands of skilled workers suddenly jobless. But as companies tighten their belts, they may be loosening the locks on their digital vaults.
Why layoffs are linked to poor cybersecurity
So, how exactly do layoffs make a company more vulnerable to cyber threats? The researchers identify several key factors:
First, there’s the human element. Layoffs create a perfect storm of negative emotions among both departing and remaining employees. Anxiety, stress, and resentment can cloud judgment, making people more likely to cut corners on cybersecurity protocols or fall for phishing scams. In some extreme cases, disgruntled ex-employees might even be tempted to strike back by exploiting their insider knowledge of company systems.
“Some companies try to be nice by announcing layoffs first, terminating access to the laid-off employees later, but that can easily open the door to cybersecurity risks—especially if the laid-off employee is feeling vengeful,” says lead researcher Thi Tran, an Assistant Professor of Management Information Systems at Binghamton, in a statement. “Because they used to be an employee, they have confidential information about security layers that can be bypassed. The more they know about the system, the worse it could be.”
Then there’s the brain drain effect. When companies downsize, they often lose valuable cybersecurity expertise. This leaves them less equipped to fend off increasingly sophisticated attacks. Imagine a fortress suddenly losing its most experienced guards – the walls may still stand, but they’re much easier to breach.
Budget cuts accompanying layoffs can also leave cybersecurity initiatives underfunded. Companies might delay crucial software updates or scrap plans for new security measures. It’s like deciding not to fix a leaky roof to save money – you might be fine for a while, but when the big storm hits, you’ll wish you had made the investment.
Lastly, the negative publicity surrounding layoffs can make a company an attractive target for hackers. Some cybercriminals, driven by a warped sense of justice, might see a downsizing company as deserving of attack. It’s a bit like kicking someone when they’re down – morally wrong, but unfortunately all too common in the digital underworld.
How companies can prevent data breaches
The study doesn’t just sound the alarm; it also offers a potential shield. The researchers found that companies with strong corporate social responsibility (CSR) practices may be better protected from this layoff-induced cyber vulnerability. CSR encompasses a company’s efforts to operate in an ethical and sustainable manner, benefiting society beyond just making profits. Think of a company that prioritizes environmental protection, fair labor practices, or community involvement.
But how does being a “good corporate citizen” help ward off cyberattacks? The researchers suggest several possibilities. First, companies with strong CSR tend to have better relationships with their employees, potentially reducing the risk of insider threats. They might also be more likely to provide support and resources to laid-off workers, lessening feelings of resentment. Additionally, a positive public image cultivated through CSR efforts could make a company a less appealing target for hacktivists or other politically motivated attackers.
‘Humans weakest link of IT security chain’
This research serves as a wake-up call for business leaders navigating tough economic times. While layoffs might seem like a quick fix for financial woes, they could be opening the door to even costlier cyber disasters. An IBM Cost of Data Breach report in 2023 revealed that the average data breach cost companies a staggering $4.5 million – a 15% increase over the previous three years. This price tag could easily wipe out any short-term savings from workforce reduction.
Associate Professor Sumantra Sarkar, who is helping conduct the research, puts this in perspective: “In the old days, industries were more manual-oriented, and you could not replace people with the click of a button, but in the current information technology world, you hire people by the thousands, and you can lay off people much the same way. This opens the door for our research because humans are statistically the weakest link of the IT security chain.”
The message is clear: cybersecurity can’t be an afterthought, even (or especially) during times of corporate belt-tightening. Companies considering layoffs need to factor in the potential cybersecurity risks and take proactive measures to mitigate them. This might involve strengthening security protocols, providing extra support and training for remaining employees, and maintaining robust CSR initiatives even in the face of budget pressures.
Source: https://studyfinds.org/data-breaches-linked-to-mass-layoffs/