People are working harder than ever, but they're not happy about it — and the insider threat is all too real.

Lynsey Wolf, Global i3 Investigations Team Lead, DTEX

January 18, 2023

4 Min Read
Flashlight shines on insider threat
Source: Andrea Danti via Shuttertock

Quiet quitting, as the media reports it, is a myth.

On the heels of the Great Resignation that plagued companies during the COVID-19 pandemic, businesses started to fear the notion of quiet quitting, an idea that went viral after Zaid Khan, a 24-year-old engineer from New York, posted a video on TikTok in July. The video, which has drawn about a half-million likes (and endless media attention), was an argument for reassessing work-life balance in a post-COVID world — by doing your job but resisting the "hustle-culture mentality" to regularly go above and beyond. Since its posting, people have latched on to the twisted notion of workers doing as little as possible, essentially causing work slowdowns without leaving their jobs.

That is nonsense. In reality, people are working harder than ever, and they are not happy about it — and that might be bad for business. A dissatisfied workforce increases the potential for insider threats, either through sabotage or exfiltrating corporate IP.

The Myth of Quiet Quitting

Let's get this out of the way. Quiet quitting, as the media report it, is a fabrication. Productivity is up. With economic uncertainty looming around every corner of the tech world, people aren't quitting, quietly or otherwise. Most people cannot afford to be perceived as not working hard. But that doesn't mean they are happy in their work life. A recent Gallup survey of 15,001 workers found that 55% were "struggling" in the poll's Life Evaluation Index, and only 24% said their organizations cared about their overall well-being — a steep drop-off from 49% in May 2020.

Employee discontent comes from two opposite extremes:

  • Marginal employees, fearful of a looming recession, are keeping their heads down and noses to the grindstone. But, concerned about their futures, they may be exfiltrating corporate data for their own benefit.

  • In the other camp, star employees, having realized that if they can work from home, they can work from anywhere, are becoming more demanding. The belief that their employer is not doing enough for them can lead to disillusionment with an organization, resulting in those "star employees" doing things that are harmful to the corporation.

Employees in both camps may be thinking of their next job while working in their current position. Employees who are looking for exit signs often wonder what they need to take with them when they walk out the door, either in a forced march or fleeing for theoretically greener pastures. And sometimes, they leave behind ticking time bombs.

You Can Take It With You

About 50% of all employees exfiltrate IP that will be helpful for their next job. Most of the data they take is from projects they have worked on, but 12% of what they take does not relate to their jobs — including information such as SharePoint directories, company lists, and contract terms.

The latter cases might involve information that was shared companywide and could prove useful to an employee in their next job. Some of the illicit information can be obtained through the corporate network, while some can only be gathered through social engineering by asking a colleague to pass along some content that the requester cannot access.

Sabotage From the Inside

As the pace of layoffs increases, some employees may turn from contented to disgruntled and look to strike back via corporate sabotage. This can take the form of sabotaging an organization's internal infrastructure or stealing company secrets and selling them to the highest bidder. In either case, it can happen whether the employee is staying in place or heading for the exit.

HR teams need to provide notices of layoffs to IT workers, and if employees stay in place while looking for new positions, the security team needs to find a way to cut off the employees' ability to damage the company internally or exfiltrate sensitive data.

How Data Is Extracted

The use of unsanctioned applications, especially by employees working from home and mixing work and personal tools, provides an avenue for employees to exfiltrate data. Companies may block unauthorized IM apps, but external email programs and third-party browsers often go unnoticed.

An employee could, for example, copy company data, save it as an email draft, and retrieve it later via a personal device. A third-party browser may also use Tor encryption, which can make it fairly easy to exfiltrate data by circumventing security controls.

HR and IT Need to Work Together

Quiet quitting is a myth. Employee productivity is flat or even up. The segue from working in an office to remote work has dislodged employee loyalty. It also has made it somewhat easier for employees to take information with them when they decide to look for better working conditions or are asked to leave. Until recently, it was always the IT team warning HR about security risks. In this current economic climate, it's the other way around, with HR needing to inform IT about the risks stemming from the inside.

HR and IT need to take certain steps together, such as blocking shadow IT, to prevent data from being surreptitiously moved. This will help ensure that departing employees, as well as those who remain, aren't taking any information that could later harm or even cripple the company. HR taking the lead here is a new paradigm, but so is almost everything else in this post-pandemic world.

About the Author(s)

Lynsey Wolf

Global i3 Investigations Team Lead, DTEX

Lynsey Wolf is a senior counter insider threat expert, customer partner and cybersecurity forensic detective. She has in-depth experience as an insider threat investigator and researcher using scoring frameworks proven to stop malicious actors and insider threats. In her career, she has utilized human behavior analysis to mitigate data loss and other malicious behaviors and assisted both innovative and compliance-driven organizations in building out their own insider threat programs. 

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights