MAPLESEC panel: ‘Great resignation’ may also mean loss of a firm’s cybersecurity knowledge

Share post:

The so-called ‘great resignation’ due to wage stagnation, long-lasting job dissatisfaction, and health concerns over the COVID-19 pandemic may include those in cybersecurity functions in IT departments.

But if it’s happening there, the problem could create more than a shortage of bodies, according to a panel at Thursday’s IT World Canada MAPLESEC Satellite online series.

The bigger problem, said Cat Coode, founder of the Canadian-based Binary Tattoo data privacy consultancy, is organizations will lose their cybersecurity knowledge base with every person that departs for whatever reason. Staffers, who, for example, understand the informal patch management procedure may not pass on that knowledge.

“I do a lot of reviews of a lot of [cybersecurity and privacy] policies,” she said, “and I will tell you they often sit unread, or they’re incomplete, or the policy says ‘we’ll do something’ [in this circumstance], but there’s no matching procedure”… “so if someone leaves, the patch management program goes.” Even if IT staff don’t leave it’s still vital to document cybersecurity procedures, she said.

Panellist Brennen Schmidt, an author and cybersecurity educator, said CISOs should think of the ‘great resignation’ as less of cybersecurity problem and more of an opportunity to get rid of silos in their organization. Create a map identifying the touchpoints cybersecurity has across the organization, he advised. See personnel change as an opportunity to bolster cybersecurity collaboration across the enterprise, while at the same time developing resiliency to cyberattacks.

Jim Love, IT World Canada’s chief information officer, said staffing moves represent a change in the way we work. “I know of organizations where every month a key person leaves,” he said. “We have to understand that. It will be a huge challenge for some organizations.”

(See the entire panel discussion in the video below)

The panel also touched on a number of other topics:

What could have been done to avoid the cyber attacks seen last year?

Love: Follow seven basic cybersecurity controls: Awareness training; teach users to create better passwords; use multifactor authentication (MFA) to protect logins; know your corporate data, hardware, software assets so they can be protected; patch software; and have an incident response plan. “We don’t have to be vicitms,” he stressed.

Coode: Create a culture where your staff are free to admit cyber-related mistakes. Management must recognize mistakes happen, she said.

What can be done about supply chain attacks?

Coode: Many of an organization’s partners/vendors have our data — they access it, analyze it, copy it to their systems. It’s not really an issue of ‘supply chain management,’ as it is an issue of vendor management. So when hiring a development firm to write code for an app that will access your data, make sure they’re vetted, make sure their contract includes obligations to protect your data and/or to limit access to it.

How can CISOs/ IT security leaders create better incident response plans?

Love: They have to apply the same techniques hackers do: “Painstaking planning of every detail.” Talk to staff about preparing for an incident, practice the response plan. Imagine what you’re up against and work the problem backwards.

Schmidt: Management should get to know the people responsible for incident response before a serious incident.

Coode: Having an incident response policy is not the same as having a detailed plan.

What will 2022 look like?

Love: “Like 2021, only on steroids” – Ransomware, supply chain attacks, compromising open source applications, and attackers getting around multifactor authentication.

Schmidt: “We’re going to have to start exercising our imagination” to protect data. He predicts more board members and senior managers will be more strategic in corporate cyber spending. They’ll also be more willing to bring IT people to meetings to begin a corporate dialogue about how to thwart cyberattacks, he said.

Should you pay a ransom to get data back?

Talk to your lawyer, Schmidt said. Coode and Love said having good data backups lowers the necessity to pay.

Moderator Dave Masson, director of enterprise security for DarkTrace, added this recollection: “A business in Ontario called me up crying because he’d been hit by ransomware and he paid, and he asked, ‘Can you help me?’ And I said no, because it’s already happened. Two weeks later he rang me up and said, ‘They’ve done it again,’ and I asked ‘Did you pay?’ and he said ‘Yes, can you help me?'” A week later he called me again in tears and said, ‘They’ve put cryptojacking malware on every device in the company!”. And I said ‘Of course they have. They know you don’t have any money left.”

A replay of the panel discussion is available on YouTube:

The post MAPLESEC panel: ‘Great resignation’ may also mean loss of a firm’s cybersecurity knowledge first appeared on IT World Canada.
Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.

Featured Tech Jobs


Related articles

Cyber Security Today, April 12, 2024 – A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more

A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more. Welcome to Cyber Security Today. It’s Friday April 12th, 2024. I’m Howard Solomon. Organizations that use products from business analytics provider Sisense [SI-SENSE] are being told to reset user login credentials and digital keys. The warning comes from the

LinkedIn introduces verification for recruiters to combat scams

LinkedIn announced today the launch of a new verification process for job recruiters, a move aimed at curtailing...

Cyber Security Today, Week in Review for week ending Friday, April 5, 2024

This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways