Microsoft 365 security

5 top security challenges for CISOs amid the Great Resignation era

Here's a list of Microsoft 365 security challenges that CISOs, Head of IT, and IT professionals face in Great Resignation (Big Quit) era.

The latest challenges for CISOs started in early 2021. The Great Resignation has now seen unprecedented numbers of employees switching jobs, roles, and careers. What’s more, this is an ongoing – and worldwide – trend. A Microsoft report found 41% of the global workforce are likely to consider moving within the next year.

That’s not all. The Great Resignation is happening at the same time as a great transformation. Where work – and workers – are becoming more hybrid, flexible, and on the move. In the US, 60% of the workforce is predicted to be mobile by 2024. Within the European labor pool, remote workers are predicted to reach 52% in the UK, 37% in Germany and 33% in France.

The Great Resignation and its impact on CISOs

For CISOs, these two trends have combined to create a perfect storm.

A resignation is no longer just about returning your company ID, boxing up belongings, and giving good-bye speeches. It also means knowing, and being aware of, all potential and actual security risks arising from an employee leaving.

Naturally, these will vary depending on the manner of the resignation. Leaving on good terms can allow for managed exit interviews and organized handovers. The sorts of activities that were previously the domain of HR, rather than a mixture of HR and IT. However, there will be times when things aren’t mutually amicable.

Whatever the situation, it’s a case of prevention is better than the cure.

There are certain actions that you need to take to make sure that former employees don’t run off with your data and that their knowledge stays in the organization.

Corinna Lins and Marijn Somers will show you all the considerations and action items you need to take to gracefully offboard employees.

Employee Offboarding: Organizational and technical considerations

Below we look at five areas CISOs should look at, and priorities to mitigate the workplace impact of The Great Resignation.

CISO Challenge 1: Dispersed users and the rise in remote working

The human element has long been cited as the weakest link in organizational security. The vulnerability that hackers and malware tend to exploit with the most success. Previously these risks were manageable for CISOs, given that employees were mainly located within the premises. Now of course, that’s all changed. Endpoints and employees are dispersed, often managing multiple profiles, roles and logins, sometimes from the same consumer-oriented device.

Naturally, this poses challenges for CISOs around Identity and Access Management. Staff will have multiple logins, which need to be stored, secured, and updated in the event of a resignation. BYOD culture means it’s not just a case of returning company property to be wiped. Using non-corporate devices also makes it harder to build up an accurate picture of historical usage, interaction, and access.

CISO Challenge 2: Lack of knowledge around location of data

CISOs know it’s not just workers who have moved away from centralized locations. There’s also the question of data. Gartner predicts a 21.7% rise in public cloud spending for this year. Alongside the rise in migration volumes, CISOs also have to factor in the varieties of data now being managed in the cloud. Some of this will be sensitive and confidential, with Shadow IT also a possibility.

This all means CISOs have to deal with poor visibility of data, sometimes stored without encryption. It becomes hard to keep track of external sharing and permission settings set by departed employees. They may have locally stored data on unsecured home devices, saved passwords, and connections using home Wi-Fi. There may be misconfigured sensitivity labels or provisioning, potentially causing issues around governance and auditing.

CISO challenge 3: Insider attacks and how resignations heighten organizational risk

Resignations can often be catalysts for insider attacks. Where employees leave abruptly, angrily, feeling like they have nothing to lose. Almost three-in-five (59%) of organizations experienced one or more insider attacks over the past 12 months. Intellectual property theft is another common threat, such as the autonomous car case that resulted in an 18-month jail sentence for a former Google employee. Digital supply chains are also a growing attack surface. Gartner predicts 45% of organizations worldwide will experience this form of attack by 2025.

There’s also the fact that some insider threats are negligent rather than malicious. For example, employees using multiple applications can quickly experience password fatigue. Instead, they use easily guessed passwords, sometimes stored in unsecure locations. When they resign, these threats can leave the organization still open to attack, and vulnerable to delayed discovery and response. An IBM study found it takes an average 287 days to identify and contain a data breach. The longer the delay in detection, the more costly a breach can be.

CISO Challenge 4: Weak access policies across Microsoft 365 tenants

Hybrid working-fueled Microsoft 365 adoption means more attack surfaces. Consider all those Teams channels, Outlook inboxes, and SharePoint groups. Without the necessary onboarding and knowledge, there’s no guarantee employees will maintain the necessary compliance and governance procedures. Whether that’s around storing confidential data in non-confidential locations, failing to set expiry dates on documents, or limiting access to private groups.

These can all cause huge headaches for CISOs. Particularly those operating in highly regulated environments. Or in regions such as Europe, where GDPR fines go up to 4% of turnover or 20 million euros. Microsoft 365 does supply some features to help. For example, the unified audit log. This can help show there has been a breach. However, this won’t necessarily help with investigating the origins of the breach.

CISO Challenge 5: Replacing employees who are part of the Great Resignation

Naturally, the Great Resignation includes employees who report to CISOs. However, there’s now a reported 3.5 million cyber security jobs that remain unfilled globally. This well-documented skills shortage means CISOs are struggling to find replacements. Then there’s the growing sophistication of attacks, putting stretched teams at higher risk of overwork and burnout. It’s one reason why a cyber “security brain drain” features among Forrester’s 2022 predictions.

Setting up appropriate response plans can alleviate this – to some degree. However, not when organizations are managing IoT, AI, and other fast-evolving technologies. Where CISOs are often working with complex infrastructure, often a hybrid of legacy and cloud, while also facing pandemic-affected budgetary limitations.

How CISOs can meet the Great Resignation challenges

There’s no sign of the Great Resignation slowing down just yet. After all, employees aren’t machines. However, machines can help employees – when their machines are loaded with Syskit Point.

That’s because Syskit Point offers governance, administration, and monitoring – from one single pane. Helping CISOs solve the challenges outlined above – plus a whole lot more. For example:

  • Identify and Access Management (IAM)
    Syskit Point tells you who has access to what – in just a few seconds. This includes all permissions and memberships for every user across your Microsoft 365 tenant. Track all granted permissions, see every added user or group member, and identify any broken inheritances.
  • Data security and compliance
    Syskit Point can ensure workspaces stay compliant, with policies applied throughout their lifecycles. Policies can be customized, with sensitivity labels that restrict data access and sharing. Alerts can be created based on activities, IP addresses, and users.
  • Insider attacks
    Syskit Point can manage user access, analyze user adoption, and monitor content usage. Guest users can be detected, and unauthorized file sharing can be prevented. Creating multiple snapshots of tenants, to identify any suspicious changes to settings and establish historical records, will also be available soon.
  • Access policies
    Syskit Point reminds users to carry out access reviews of their resources. These reviews can be across Teams, Microsoft Groups, and in SharePoint sites. Helping CISOs and their teams to identify inactive resources, reduce clutter, and ensure access is only available to necessary people.
  • Provisioning automation
    Syskit Point can automate control for workspace creation, lightening the load on IT teams. Configure templates, define approval stages and approvers, while encouraging self-service throughout the organization. Requests can be approved easily from within Teams, saving even more time. For example, one European pharma company saved 4 hours day by using Syskit Point for central access reporting, in one of the world’s most highly regulated industries.

Subscribe to our Newsletter

Related Posts