A new study suggests there may be a correlation between mass layoffs and data breaches.
According to a research team led by faculty from Binghamton University, State University of New York, layoffs create conditions in which disgruntled employees face added stress or job insecurity, making them more likely to engage in risky behaviors that heighten the company’s vulnerability to data breaches.
In a paper titled “The Impacts of Layoffs Announcement on Cybersecurity Breaches,” the study explored the revenge-type behavior of people affected by layoffs and the social justice aspect of people seeking to “punish” a seemingly “bad business” through hacking.
The collaborative research was conducted with Vietnam National University and Liverpool John Moores University in the UK.
“Some companies try to be nice by announcing layoffs first, terminating access to the laid-off employees later, but that can easily open the door to cybersecurity risks—especially if the laid-off employee is feeling vengeful,” said Assistant Professor Thi Tran, who is leading the project and presented the paper at PACIS.
“Because they used to be an employee, they have confidential information about security layers that can be bypassed,” he added. “The more they know about the system, the worse it could be.”
Researchers suggest that if companies focus on corporate social responsibility initiatives that emphasize ethical conduct and data security during layoffs, they could reduce the risk of data breaches arising from those situations.
“In the old days, industries were more manual-oriented, and you could not replace people with the click of a button, but in the current information technology world, you hire people by the thousands, and you can lay off people much the same way. This opens the door for our research because humans are statistically the weakest link of the IT security chain,” Sarkar said.
“People react to triggers in their environment, such as layoffs,” he added, “and that’s why security problems often come from the people either inside the organization or vendors with inside knowledge of the infrastructure.”
Apart from using outdated security systems, the researchers said, companies could also leave themselves vulnerable by outsourcing IT and cybersecurity tasks as a cost-cutting measure in response to layoffs.
In addition, the negative publicity that tends to follow layoffs could lead people to infer the company had been suffering from financial problems or poor leadership, which could create an opportunity for hackers with political motivations to take advantage, the researchers opined.
“When people hear about layoffs, it’s going to be viewed as something bad that can happen to them or anyone else in society. So, if you’re in tune with how people consume information, you want to do whatever you can to build a good picture in the public’s mind to minimize negative consequences,” Tran said. “We’re looking at not only the probability of something like data breaches resulting from mass layoffs happening but the severity if something like that actually does happen.”
Original written by Anthony Borrelli. Binghamton University. (2024, July 23). Mass layoffs and data breaches could be connected. ScienceDaily. Retrieved July 25, 2024 from www.sciencedaily.com/releases/2024/07/240723123528.htm