Quiet quitting is the practice of lowering the amount of effort one devotes to one’s job and doing the bare minimum required without going “above and beyond.” This type of workplace indifference may seem harmless, but it can have a major impact on the overall cybersecurity of a company. In particular, it can increase workforce risk.
Workforce risk refers to the potential of each worker within an organization to trigger a security breach. Not all employees are equally risky, and just a few employees cause the majority of security incidents. However, the Cyentia Institute reports that human risk played a direct role in 61% of the largest cyber incidents of the last 5 years.
When employees care less about their job roles and responsibilities, they may make careless and negligent mistakes, such as accidentally engaging with a phishing email, unintentionally downloading malware, or unexpectedly triggering a security incident. In fact:
- 4% of users generate 82% of phishing incidents (some clicking twice per month)
- 3% of users generate 92% of malware events
- 12% of users are responsible for 71% of secure browsing incidents
At a time when it’s “the norm” to care less at work, it’s crucial for security teams to identify and keep an eye on those quiet quitters.
The Cybersecurity Side Effects of Quiet Quitting
Today, quiet quitters make up approximately 50% of the workforce. These employees are stepping back from being hypervigilant at work and, essentially, doing “enough” until they get to clock out or log off at the end of the day. The problem is that, in their efforts to do the least required of them, the people who are quiet quitting are making small mistakes that can have a big impact on their organization’s cybersecurity.
When 82% of security breaches involve the human element, it’s no wonder that people are now recognized as a primary attack vector. Enterprises face new security risks from employees who are not invested in their job duties. Just a tiny mistake, such as falling for a phishing scam and clicking on a harmful attachment, or using the same login information repeatedly, can give cybercriminals the opening they need to infiltrate an organization’s network. The latter is enough to cause any Identity & Access Management professional’s hair to fall out.
Now, all of this is not to say that these quiet quitters necessarily have any ill intent toward the company or are actively setting out to cause a security breach. Instead, these negligent workers are accidentally, and most often absent-mindedly, triggering incidents in search of work-life balance.
So, what can be done from a cybersecurity perspective to mitigate these risks? If half the workforce couldn’t care less about their personal performance, what will make them care about how they contribute to the organization’s cyber defense?
Adaptive Human Protection Can Strengthen Your Cyber Defense Despite Negligent Workers
It’s no surprise that 76% of cybersecurity leaders believe that having a dedicated program to manage insider risk would improve their organization’s overall security posture. However, training and simulation alone won’t solve for unintentional insider risk, especially when workers are quiet quitting. The most effective programs require risk measurement and active, individualized mitigation. This is called adaptive human protection.
Adaptive human protection is the act of defending your users, business, and systems against threat actors by identifying and protecting high-risk workers most likely to trigger a security breach.
Keep in mind, not all risk is created equal. Applying the same safeguards to every user is a mismanagement of risk and a productivity killer. Training may suffice for users who’ve demonstrated a history of low risk. Others may benefit from adjusting safeguards or limiting access. The right adaptive human protection technology can help you apply the right level of security for each individual without impacting productivity. This protects high-risk workers like quiet quitters from making security mistakes while enabling them to perform their job duties with little to no added friction, keeping pace with their desire for work-life balance.
How to Engage the Unengaged Workforce
In an era where keeping employees engaged is difficult, and the act of quiet quitting is making a name for itself, it’s hard to imagine an effective solution to making your workers care about cybersecurity. Yet, we know that with the right technology, you can engage your workforce and build a security-aware organization.
Elevate Security empowers you and your workers with communication workflows that provide personalized, direct, and timely feedback based on user actions to inform individuals of the security impact of their actions. Our Human Risk Scoring helps your users understand how they contribute to the organization’s security and which of their behaviors is generating the greatest risk. Plus, with risk-adjusted safeguards you can tailor security measures to individuals.
Learn more about how to enable your business by empowering your employees here.
Employee mistakes are inevitable—whether they’re in the process of quiet quitting or just simply being a human being—no matter how much training you give them. Instead of trying to put out fires, it’s vital to prevent them from happening in the first place.
Elevate enables you to tailor identity, access, and zero-trust systems to individual risk levels, allowing you to make security decisions with higher confidence. Interested in learning more? Book your demo today to see our platform in action.