News, news analysis, and commentary on the latest trends in cybersecurity technology.

Darktrace's Dave Masson Explains How the Great Resignation Is Affecting Cybersecurity

Organizations can address the threats this upheaval creates by using a mix of traditional techniques and advanced AI, says Darktrace's director of enterprise security.

Dark Reading Staff, Dark Reading

March 18, 2022

The Great Resignation is real, and so is its effect on how companies manage cybersecurity for a changing workforce. Over 4.5 million Americans left their jobs in November 2021, according to one survey, and 74% of full-time employees are considering doing the same. Combined with the pandemic-driven move toward remote work — in the same survey, 45% of respondents said they'd quit if their employer forced them to return to the office — this upheaval creates new challenges for network security professionals.

"Before the pandemic, the data was pretty much all in one place," says Dave Masson, director of enterprise security at Darktrace. "Now it's absolutely everywhere."

Employees are working remotely using endpoints such as personal laptops and phones, and those devices need access to corporate networks.

"And that is where the cybersecurity issue comes in. Because lack of knowledge, lack of visibility, where things are and what people are doing, can be exploited by cyber threat actors," Masson warns. "We've been saying for a long time, threat actors will get inside. In fact, threat actors are probably already inside and have been there for some time."

A remote workforce puts pressure on existing security techniques, such as zero trust. While zero-trust networks reduce the activities most users can perform, the problem is that it still relies on verifying users via credentials, which have become a hot ticket on the black market.

"If you've got hold of these credentials, you can be trusted and verified as you go through a system," Masson points out. "You're not somebody who really can be trusted, but you can be verified." The solution to the problem of infiltrators with stolen credentials, he says, is to watch for behavior and not just identity. And that's where artificial intelligence can play an important role: comparing people's actions against the established, expected actions performed on a regular basis.

When an intruder comes in via stolen credentials, Masson says, "they're going to do something — or more correctly, use something — in a way that was different to the way they used it or it was used before. And AI is very good at spotting that ... and not just spotting it, but actually then stopping it in real time."

Artificial intelligence (AI) can also help when offboarding employees who leave as part of the Great Resignation. Masson says that if you implement AI monitoring to establish normal behavior, you can discover whether someone could be preparing for mischief on their way out.

"You can use AI to then spot something that's just changed in that person's two weeks' work notice before they go that might be malicious [or] might be a mistake, but it still allows you a chance to stop damage being done to the organization," he says.

Masson points out that while AI provides an important supplement to human workers, it doesn't replace the need for cybersecurity staff — or for treating workers well.

"You also need to ally [AI tools] to some good HR practices so that all your employees are happy," he says. "And when they leave, they leave in a happy manner, and they don't take all their stuff with them."

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights