How the Great Resignation Is Weakening Security Defenses (and What To Do About It)

Sep 1, 2022
Kenna Security

Share with Your Network

What’s been dubbed the Great Resignation (also known as the Great Reshuffle, the Big Quit, or the Turnover Tsunami) has been redefining the workforce since workers quit in droves in 2021. Resignations peaked in November of last year with a record-breaking 4.5 million workers saying sayonara to their employers. This trend held fast through to 2022, with another 4.3 million quitting in June and 4.2 million quitting this past July. Driving this mass exodus is a search for higher pay, a healthier work/life balance, or time to devote to side gigs to fund a less career-focused life.  

But greener pastures aren’t always on the other side of that resignation letter. UKG, a payroll services firm, found that 43% of those that quit their jobs during the pandemic are experiencing regret, or what some call the Great Regret as a way to describe the painful post-resignation hangover. This firm also reported that about 20% of those people are now back at their old posts.  

This workforce whiplash is teaching security leaders they need to be prepared for anything. Compounding this realization is a looming recession, an ongoing security talent shortage, and staggering cyberattacks. Whether resigning or regretting is trending, CISOs and business leaders need to rethink their approach to cybersecurity and take meaningful measures to secure their defenses in the face of risks associated with staff coming and going. 

Why the Great Resignation poses such a great risk 

The Great Resignation comes at a time when companies are already grappling with a changing cybersecurity and infrastructure landscape. Prior to the emergence of COVID-19, security leaders were already trying to manage around increasing personal devices connecting to their networks and accessing data. Then remote and hybrid work exploded with the onset of the global pandemic, blurring the traditional perimeter even more.  

An uptick in employee departures creates more access points to account for when that employee transitions out. Passwords, access, and data contained on these additional devices must be accounted for and closed down. Failure to do this effectively can result in data loss or unguarded entry points. Haphazard or unstructured offboarding can create unintended opportunities for malicious or non-malicious data loss.  

Recent data shows that cybersecurity employees are questioning their ability to last in their roles. Survey findings suggest that nearly half of all cybersecurity employees have considered quitting their jobs due to work-related stress (ransomware being the biggest culprit), and just as many know someone who left the industry entirely.  

This creates a dangerous challenge for Security and IT teams. With increasingly complex environments that demand specific skillsets coupled with institutional knowledge. When these resource-strapped teams lose employees, those skillsets and knowledge are lost with them leading to gaps and blind spots within the network. These roles can take time to backfill given their specificity, which makes it harder to implement defenses and slows down response time.  

What security leaders can do to strengthen defenses and resilience 

The faster companies embrace the reality of the current climate marked by unprecedented change, the faster they’ll be able to find a path forward to account for these risks. We’ve gathered our top recommendations for securing your defenses and establishing resilience no matter what hurdles the job market puts in your path.  

Zero in on zero trust. Establishing a zero trust environment is fast becoming the norm for companies looking to future-proof their security operations, and rightfully so. Gartner listed the rise of zero trust in their cybersecurity predictions for the coming year, citing the need for continuous authentication and carefully managed permissions. A zero trust model helps reduce your organization’s attack surface and allow access business-critical data to only those who need it. Security and IT teams gain increased control and visibility across their users, devices, networks, and applications.  

Lay the groundwork for resilience. Security resilience is top of mind for security and business leaders as cyberattacks continue to rise in number and severity. But the route to resilience may seem murky for many who don’t know where to begin or what’s needed. That’s why Cisco identified five key capabilities necessary to achieve a more flexible, secure future.  

  1. See more across your infrastructure. Improving visibility and awareness across your environment will help you secure and monitor your expanding attack surface. 
  2. Anticipate what’s next. Leverage actionable intelligence to increase contextual awareness and more easily predict what’s next.  
  3. Prioritize your biggest risks. With a surge in CVEs, a risk-based vulnerability management strategy helps you focus your finite resources on the vulnerabilities that pose the greatest risk.   
  4. Close the gaps. Integrating disparate security technology helps eliminate dangerous security gaps and drives consistent and thorough protection of all assets.  
  5. Automate your response. Smooth out workflow inefficiencies by finding opportunities for automation to alleviate the burden of cumbersome processes or manual effort. 

Make your offboarding meticulous. Tighten up your offboarding process to ensure every device, point of entry, account, etc. are properly accounted for and closed out. From an IT standpoint, the offboarding process should continue even after the employee has departed with regular account monitoring to ensure that all access has been revoked. From an HR perspective, make sure you’re maintaining a healthy relationship with this alumnus. With a rise in boomerang employees, this person could potentially return so anything you can do to make that process more appealing will help you in the long run. 

Resilience in the face of resignation…or regret 

Workforce trends will continue to impact the reality of security operations (even more surreptitious and controversial trends like quiet quitting). Regardless of employee fluctuations, security leaders must prepare their defenses to safeguard their most important assets and ensure business continuity. The road to resilience looks unique for each organization, but as some top security leaders recently shared, many common threads run through each journey.  

Explore what industry leaders are saying about harnessing security resilience to navigate unknown change and threats with confidence in Building Security Resilience: Advice and Stories from Cybersecurity Leaders. These experts share everything from what it means to manage and support people in this era of unpredictability to what your security program needs to be successful.  

Read the Latest Content


Think You Know Your Supply Chain? Think Again

In this on-demand webinar, Jerry Gamblin explains the first step in securing your supply chain is understanding your supply chain.
Cybersecurity Best Practices

Building Security Resilience: Top Leaders Share Real-World Best Practices

Organizations are quickly realizing future success and longevity hinge on security resilience and the ability to navigate uncertain threats and change...

Two Veteran CISOs Shed Light on Process Improvement

Two powerhouse CISOs share real-world lessons for refining processes and improving workflows to optimize collaboration and security efficacy.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.