This post is also available in:
עברית (Hebrew)
A research team from Binghamton University and the State University of New York explains the connection between mass layoffs and data breaches, theorizing that layoffs create conditions where displeased employees are more likely to engage in risky behaviors that heighten the company’s vulnerability. The motivation behind the study was to explore revenge-type behavior of people affected by layoffs, as well as the “social justice” of people seeking to “punish” a company through hacking.
Assistant Professor Thi Tran, who is leading the project, explains: “Some companies try to be nice by announcing layoffs first, terminating access to the laid-off employees later, but that can easily open the door to cybersecurity risks—especially if the laid-off employee is feeling vengeful… Because they used to be an employee, they have confidential information about security layers that can be bypassed… The more they know about the system, the worse it could be.”
The study suggests companies should be more proactive with corporate social responsibility initiatives that emphasize ethical conduct and data security during layoffs in order to reduce the risk of data breaches arising from those situations.
According to Techxplore, although announcements of mass layoffs are quite a common headline, there has not been enough research about the connection between them and cybersecurity for those companies. Sumantra Sarkar, an associate SOM professor stated: “People react to triggers in their environment, such as layoffs,” he added, “and that’s why security problems often come from the people either inside the organization or vendors with inside knowledge of the infrastructure.”
Researchers suggest that companies are also leaving themselves vulnerable by outsourcing IT and cybersecurity tasks as a cost-cutting measure in response to layoffs. In addition, negative publicity following layoffs could create an opportunity for hackers with political motivations to take advantage.
“We’re looking at not only the probability of something like data breaches resulting from mass layoffs happening but the severity if something like that actually does happen,” concluded Tran.
