Mass Data Theft - The Big COVID Consequence
Mass Layoffs Risk Exodus Of Corporate Data, Experts Warn
The suspension of office work followed by mass layoffs were devastating
consequences of the COVID-19 virus once it took hold in the United States in
February. Mass data theft may be the next.
As corporations across industries rush to trim their payrolls and stay afloat
financially, they are inviting data loss on a large scale, as millions of
departing workers take sensitive company files and other data with them on the
way out the door, experts warn.
A Spike in Data Exfiltration
Since February, the unemployment rate in the United States jumped by 9.8
percentage points, while the number of unemployed people increased by 15.2
million, according to data the Bureau of Labor Statistics released in May.
Industries such as hospitality, restaurants and bars, media, manufacturing and
healthcare have all been hit hard. Boeing said it would shed 13,000 jobs.
Ride-hailing firm Uber has cut more than 6,000 positions as it tries to stay
afloat amid depressed demand for its ride-hailing service.
Many of those departing employees will not leave empty-handed, experts
warn. “We’ve seen an enormous spike in exfiltrated data,” said Joe Payne
of the firm Code42.
Even before the COVID pandemic took hold, employees were prone to take files and
other company data with them when they left an employer, Payne said in a phone
interview. “People today really believe that the work they created at their
job, they own,” he told me. Data compiled by Code42 found that more than
two thirds of information security workers (71%) and a similar share of business
decision makers believed that they own their work products. “It’s not
corporate data; it’s my work and my ideas,” Payne said, describing the
thinking of these employees.
Occasionally, such activity rises to the level of a crime. In October 2019, a
federal judge in Chicago sentenced 59-year-old Robert O’Rourke of Geneva,
Wisconsin, to a year in federal prison and $100,000 in fines for stealing trade
secrets from the network of Dura-Bar, a manufacturer of continuous cast-iron
products. Prior to the theft, O’Rourke, a 30-year employee of the company, had
taken a job with a Dura-Bar rival in Jiangsu, China.
The changes that arrived with COVID have amplified that behavior. First, the
closure of corporate offices and the transition to working from home blinded
corporate security teams to what their employees were doing - at least
“The first thing we noted as COVID hit was a surge in VPN activity,” said
Shareth Ben, the Executive Director of Field Engineering at the firm Securonix.
While that is not surprising, it has required corporate security operations to
relax security controls to enable that remote work, Ben said. That has meant
a loss of visibility.
Take printing: corporate policy pre-COVID may have blocked local printing of
corporate documents. In recent months, those kinds of restrictions have had to
be relaxed at many organizations to accommodate prolonged remote working.
Unfortunately, that has opened the door to data exfiltration. Internet-based
printing services like HP ePrint or Apple AirPrint, for example, allow users to
transmit a local document to a remote, Internet-based printer. Corporate
documents transmitted from an employee’s home network to a remote Internet
print service will likely escape notice by security monitoring tools designed to
secure corporate networks. “That may not be malicious activity, but it is a gap
in visibility,” Ben said.
COVID’s Double Whammy
While many employees take data with them when they leave, the layoffs that have
accompanied the COVID-driven economic contraction have exacerbated an existing
problem. First, laid-off employees are more likely to make off with
data. “When people are laid off, they’re angry,” Payne explained. “It
wasn’t their decision to leave.” Coupled with the normal tendency
to take home 'their work,' the risk is compounded.
The sheer volume of layoffs has also posed a challenge, compacting a year
or more of attrition into the space of a single day. “We had a client who
laid off 17% of their workforce,” Payne said. “That’s typically what you’d see
in an entire year in the high tech space.”
Payne said that his company has seen so much data moving following layoffs that
it has had to adapt its technology to “work through it all” and pick the
egregious behavior out from more innocuous data transfers.
Nothing says “I’m Leaving” like a ZIP File
Payne and Ben say that companies can prevent inadvertent data theft by
making it clear to employees up front that all their work belongs to the company
and that security operations monitors data flows and transfers.
But companies also need to monitor employee behavior over time to spot
changes that may indicate an employee is getting ready to leave.
Signs include a sudden expansion in the kinds of systems and files the employee
is accessing, or the creation of ZIP and other file archives, which are often
used to transfer large numbers of documents, but are a rarity under normal work
Most data theft is not malicious, but evidence of people making “poor
decisions,” Payne said. “You don’t want to get in the way of (employees) being
productive,” Payne said. “But you don’t want them to do dumb things.”
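The two warning signs described above (a sudden expansion in what an employee accesses, and the creation of ZIP or other archives) can be checked against file-activity logs. The following is an added example, not code from the article or from Code42 or Securonix; the event format, the /shares/ path layout, the function names and the thresholds are all assumptions, and the events are constructed sample data.

```python
# Added example (not from the article); event format and thresholds are assumptions.
from collections import defaultdict
from pathlib import PurePosixPath

ARCHIVE_EXTS = {".zip", ".7z", ".rar", ".tar", ".gz", ".tgz"}
# Constructed sample events: (day, user, action, path)
EVENTS = [
    (1, "alice", "read", "/shares/marketing/plan.docx"),
    (3, "bob", "read", "/shares/eng/design.md"),
    (8, "alice", "read", "/shares/marketing/q3.xlsx"),
    (8, "bob", "read", "/shares/finance/forecast.xlsx"),
    (8, "bob", "read", "/shares/sales/customers.csv"),
    (9, "bob", "read", "/shares/legal/contracts.pdf"),
    (9, "bob", "create", "/home/bob/stuff.zip"),
]

def share_of(path):
    """Top-level share name, e.g. /shares/eng/x -> 'eng'; None outside /shares."""
    parts = PurePosixPath(path).parts
    return parts[2] if len(parts) > 3 and parts[1] == "shares" else None

def find_departure_signals(events, baseline_end_day, new_share_threshold=2):
    """Return {user: [reasons]} for activity after baseline_end_day."""
    baseline = defaultdict(set)    # shares each user touched during the baseline
    new_shares = defaultdict(set)  # shares first touched after the baseline
    archives = defaultdict(list)   # archive files created after the baseline
    for day, user, action, path in sorted(events):
        share = share_of(path)
        if day <= baseline_end_day:
            if share:
                baseline[user].add(share)
            continue
        if share and share not in baseline[user]:
            new_shares[user].add(share)
        if action == "create" and PurePosixPath(path).suffix.lower() in ARCHIVE_EXTS:
            archives[user].append(path)
    findings = {}
    for user in set(new_shares) | set(archives):
        reasons = []
        if len(new_shares[user]) >= new_share_threshold:
            reasons.append("access expanded to: " + ", ".join(sorted(new_shares[user])))
        if archives[user]:
            reasons.append("archive created: " + ", ".join(archives[user]))
        if reasons:
            findings[user] = reasons
    return findings

if __name__ == "__main__":
    print(find_departure_signals(EVENTS, baseline_end_day=7))
```

In the sample data only bob is flagged: alice keeps working in the share she used during the baseline week, so her activity produces no finding.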
1. Outlaw USB Sticks @Office - But Hey the Barn Doors Have Been Open for
2. Know your data and inventory
3. Constantly update, monitor and manage your accessibility processes.
4. Stay in tune with HR developments and processes of departing and potential
higher risk associates
Article originally published on