Throughout 2022, we've seen devastating attacks target enterprises through social engineering employees. These attacks are low-cost for threat actors, but offer high rewards by gaining privileged access quickly. Email still plays a large part, but this year we saw a further weaponization of business communication infrastructure, like targeting employees and contractors on LinkedIn, WhatsApp, and lateral movement through Slack.
Fortunately, our work with customers has shown us that security leaders are waking up to the need for greater visibility and control across their entire communications environment. We have seen a broader recognition that layering multiple security solutions around email while Teams and Slack remain opaque is like bolting the front door while the windows remain open. In short, our security customers now see a need to continuously measure and secure their data against business communications risk.
In 2023, we will see malicious actors increase the frequency of and escalate tactics and techniques around communication. Based on our frontline experiences, here are SafeGuard Cyber's top five predictions for how business communication risk will increase in 2023.
If an employee feels like their security and compliance solution is curtailing their freedom to communicate effectively and efficiently, chances are they’ll find another way to circumvent the process and monitoring tools. Around 45% of business communication happens in digital channels outside of email. This is a trend that will escalate in 2023.
Digital natives in particular are still not open to completely following cybersecurity protocol for various reasons, and frequently communicate via channels outside of email. The reasons for this behavior are many but include:
Increased layoffs across the globe will lead to job seekers using messaging channels to communicate with potential employers, specifically LinkedIn messenger. Departing employees are far more likely to share critical information and data about their former employer in these communications.
In many cases, job seekers will be looking for similar positions and will believe that sharing specific data from their former company will give them a leg up in landing their next gig.
Phishing attacks are becoming more collaborative and span multi-channel communications. An attacker will need to impersonate trusted personas across several communication channels to gain trust from the target. Attackers are looking for any way into an organization. And they are becoming better at language-based attacks that travel across communication channels, making it easy to deliver ransomware in unmonitored collaboration applications. We believe this year's MFA fatigue attacks are just the start, and hardware keys will not be a silver bullet against more sophisticated social engineering attacks.
Once an attacker obtains credentials, they will then log into a corporate channel that is not monitored with security controls and will be able to operate within it for hours unnoticed. This gives them ample time to observe and/or exfiltrate sensitive data.
A similar real-world example occurred in September when an attacker compromised an Uber employee’s credentials and then revealed themselves in the corporate Slack channel. There will be a direct correlation in 2023 of compromised accounts, either stolen or sold, that will be used to attack an organization in minimally observed communication and collaboration channels.
Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis. Cybercriminals are targeting high value employees on LinkedIn, Telegram, and WhatsApp to infiltrate enterprises. Employers are struggling to enforce mandates and policies but will have to weigh the cyber risks against employees' data privacy. In short, the "personal" and "professional" boundary will continue to evaporate.
Looking ahead to 2023, there are ways organizations should consider avoiding assessing and securing against business communications risk: