Episode 199 COVID’s Other Legacy: Data Theft and Enterprise Insecurity
The Security Ledger Podcasts - En podcast af The Security Ledger
In this episode of the podcast (#199), sponsored by LastPass, we’re joined by Barry McMahon, a Senior Global Product Marketing Manager at LogMeIn, to talk about data from that company that weighs the security impact of poor password policies and what a “passwordless” future might look like. In our first segment, we speak with Shareth Ben of Securonix about how massive layoffs that have resulted from the COVID pandemic put organizations at far greater risk of data theft. The COVID Pandemic has done more than scramble our daily routines, school schedules and family vacations. It has also scrambled the security programs of organizations large and small, first by shifting work from corporate offices to thousands or tens of thousands of home offices, and then by transforming the workforce itself through layoffs and furloughs. In this episode of the podcast, we did deep COVID’s lesser discussed legacy of enterprise insecurity. Layoffs and Lost Data We’ve read a lot about the cyber risks of Zoom (see our interview with Patrick Wardle) or remote offices. But one of the less-mentioned cyber risks engendered by COVID are the mass layoffs that have hit companies in sectors like retail, travel and hospitality, where business models have been upended by the pandemic. The Department of Labor said on Friday that employers eliminated 140,000 jobs in December alone. Since February 2020, employment in leisure and hospitality is down by some 3.9 million jobs, the Department estimates. If data compiled by our next guest is to be believed, many of those departing workers took company data and intellectual property out the door with them. Shareth Ben is the Executive Director of Insider Threat and Cyber Threat Analytics at the firm Securonix. Shareth Ben is the executive director of field engineering at Securonix. That company has assembled a report on insider threats that found that most employees take some data with them. Some of that is inadvertent – but much of it is not. While data loss detection has long been a “thing” in the technology industry, Ben notes that evolving technologies like machine learning and AI are making it easier to spot patterns of behavior that correlate with data theft- for example: spotting employees who are preparing to leave a company and take sensitive information with them. In this discussion, Shareth and I talk about the Securonix study on data theft, how common the problem is and how COVID and the layoffs stemming from the pandemic have exacerbated the insider data theft problem. It’s Not The Passwords…But How We Use Them Nobody likes passwords but getting rid of them is harder than it seems. Even in 2021, User names and passwords are part and parcel of establishing access to online services – cloud based or otherwise. But all those passwords pose major challenges for enterprise security. Data from LastPass suggest that the average organization IT department spends up to 5 person hours a week just to assist with password problems of users – almost a full day of work. Barry McMahon is the Senior Global Product Marketing Manager at LogMeIn