Skip to content
Blog

Incydr™ Scoop: Data Exposure Jumps as Employees Head for the Doors

“The Great Resignation​​” is upon us and with it comes data loss: H1 2021 Analysis

The first six months of 2021 saw unprecedented turnover in the US labor market, after a full year of the COVID-19 pandemic. And with every individual that leaves an organization, a ripple begins – affecting both operations and risk. In an analysis of data-exposure telemetry from devices using Code42 Incydr, the trend is clear: data is leaving organizations – and it’s leaving fast.

Our analysis shows a direct correlation between resignations, departing employees, and exposure events. Turns out, when people leave, so do source code, patent applications, and customer lists.

Insider Risk

Insider Risk is security risk that originates within an organization–it is created by employees and jeopardizes the well-being and competitiveness of an organization, its customers, or partners. Unfortunately, Insider Risk has never been a more urgent problem for companies due to the convergence of three trends: portability of data, hybrid work, and employee workforce shifts, aka the Great Resignation.

This analysis is based on anonymized telemetry data from over seven-hundred thousand endpoints running Code42 Incydr between January 1 and June 30, 2021. Our analysis identified a multitude of data exposure movement trends that security leaders, business leaders, and boards of directors should take critical notice of as part of their cybersecurity governance, and insider risk planning.

Key Findings:

There were four major data movement and exposure trends captured over the first half of 2021.

1. Data Exposure and User Exodus

At large, we observed spikes in data exposure that directly correspond to when people leave jobs. A trend that has been reconfirmed by the recent jobs report from the US Bureau of Labor Statistics. Not only did we see an increase in data exposure events between H2 2020 and H1 2021 (40% half-over-half), there’s actually a massive increase quarter-over-quarter within the first half of 2021–a 61% increase to be exact.

The three month period between April and June 2021 saw 61% more exposure events than the previous quarter and accounts for 86% of all exposure events (across all vectors) experienced by organizations throughout the previous half (July through December 2020). Net-net: data exposure peaked at the same time the US experienced a massive shift in employment.

2. Source Code Loss is Climbing

Digging deeper, the findings reveal that source code exposure specifically increased threefold over preceding quarters.

During Q2 2021, source code accounted for 11% of all data exposure events that Incydr detected. This was an 83% increase when compared to source code exposure detected in both of the previous two quarters. Interestingly, Q2 2021 accounts for 47% of all source code exposed within the past calendar year. Again, confirming the ties between massive job shifts and exposure of valuable, sensitive information.

3. Increase of Removable Media as compared with other vectors

Our data also illustrates that removable media (primarily USB drives) represented the most widely used single exposure vector. For the first time since we began collecting data over 18 months ago, removable media (accounting for 42% of all exposure events) eclipsed cloud sync agents (37%) as the top single exfiltration vector.

4. Google Chrome Top Used Among Web Browsers

Google Chrome accounted for 52% of all application exposure not tied to a cloud sync agent or removable media. Rather than indicating that Google Chrome is particularly problematic, this instead denotes that it retains its dominant market share within professional environments.

On top of securing new hybrid workplaces, recent data shows that people are still actively looking for new jobs and millions more are willing to change in the near future.

Our analysis illustrates that many of these employees will likely take data with them to their next company.

When data falls into the wrong hands, it’s devastating to a company’s competitive position and jeopardizes the financial, reputational, or operational well-being of a company, its employees, customers, and partners.

To learn more about managing Insider Risk, watch a product demo.

You might also like: