In the face of economic headwinds, many companies are resorting to layoffs to help weather the storm. A study by Bloomberg News has found that since October 1, 2022 almost half a million employees worldwide across sectors have lost their jobs, with the tech sector accounting for nearly 150,000 of the 473,000 jobs cut. And new research by HackerOne found that in the last 12 months, 39% of companies surveyed have made security headcount cuts, and 40% plan to make then in the next 12 months. Meanwhile, cybersecurity staff that are left behind to shore up defenses and mitigate risk have their hands full.
To begin with, last year 80% of hacking-related breaches used stolen and/or weak passwords. Deprovisioning user access is a critical but an extremely time-consuming task, particularly for companies that don’t use automation to help. Having to manually hunt through all the systems that an employee or contractor uses and remove their access is tedious and prone to human error. Staff responsible for deprovisioning while at the same time monitoring for threats, can easily miss a disgruntled employee who may attempt retaliation or signs of credential leakage or compromise.
What’s more, attacks continue to rise. Check Point research finds global cyber attacks increased 38% in 2022 and reached an all-time high in Q4 with an average of 1,168 weekly attacks per organization. And the number of Common Vulnerabilities and Exposures (CVEs) climbed to 25,227 in 2022. Cuts to cybersecurity teams that are already spread thin due to the global skills shortage, further reduce the effectiveness of the team to keep up with the latest threats and vulnerabilities, increasing an organization’s risk. In fact, 75% of companies surveyed by HackerOne say that budget cuts, layoffs and freezing new hires and investments related to security negatively impact their ability to manage cybersecurity efficiently.
Most of you reading this blog are cybersecurity practitioners with ownership for putting strong cybersecurity measures in place to help protect your organization’s larger ecosystem. But those technologies and processes are only effective if everyone does their part to make smart decisions. And the people who help educate employees about maintaining good cyber hygiene may have been among those laid off. If you feel employees and colleagues could use a reminder, here are a few tips to share:
https://www.stopthinkconnect.org/
https://www.dhs.gov/be-cyber-smart/campaign
https://staysafeonline.org/stay-safe-online/
It’s difficult to predict how long this economic uncertainty will last. So, there’s no time like the present to help raise awareness of the risks and the easy steps everyone should take to help strengthen their organization’s security posture. Hopefully these tools will help. To learn more about the ThreatQ Platform, request a demo.