GUIDE
Security for Collaboration Applications
Closing the Gaps on Your Business Tools
Executive Summary
Enterprise collaboration apps have, over time, become critical tools for businesses. The COVID-19 pandemic has only increased the demand for these “teamwork apps”. Because of that however, incidents of cyberattacks and digital threats have spiked.
The problem lies in the fact that these apps deal with a constant stream of threats. And the human users managing the apps are prone to error.
Addressing these cyberthreats should be a two-step process.
- Educate the users (from the executives down to the employees) on the best practices around securing these applications.
- Deploy a solution that enables 100% visibility and enhanced detection and response across the board.
It’s only then that companies can be as secure as possible, no matter what digital risk threatens them.
.png)
Collaboration Tools Come with Security Risks
Over the years, enterprise communication and collaboration tools have become critical business tools for many organizations around the world.
The events of 2020, primarily around COVID-19, have pushed the envelope further. It was when these solutions saw a great rise in their usage numbers.
- For the full fiscal year 2020, Slack achieved 12 million daily active users, along with a total revenue of around $630 million.
- Microsoft Teams boasted 115 million daily active users. That number had risen over 50% in just six months.
- By the end of 2020, Zoom had about 350 million daily meeting participants, compared to its 10 million participants during 2019.
But lately, we’ve been seeing clear signs of increased instances of social engineering, ransomware attacks, compliance violations, insider threats, and other third-party risks in these solutions. Major examples are as follows:
- The 2021 EA Games Slack breach didn’t involve phishing, or sophisticated vulnerability scouting. All it allegedly took was a Slack authentication cookie. Cyberattackers reportedly leveraged a stolen cookie which they had purchased online for $10 to get inside the company’s Slack instance and, ultimately, the EA corporate network. As a result, the gaming giant saw 780GB of data stolen – including valuable source codes for some of their most popular game franchises.
- A ransomware attack in May 2021 closed down the Colonial Pipeline and cut off fuel supply to millions of Americans, especially in the Mid-Atlantic. The DarkSide ransomware group reportedly took nearly 100Gb of data from the company’s network in two hours, part of the group’s double-extortion scheme hallmark attacks. FireEye suspects the hackers exploited the company’s Slack API as a communication mechanism to the C2 server.
- Microsoft Teams has had its share of exposed digital risks too. Evan Grant, a researcher at Tenable, published a report about a zero-day vulnerability in Teams, describing a Teams PowerApps service bug that could have opened the door for malicious actors to craft their own PowerApps tabs, and allow them to steal authentication tokens and perform messaging impersonation and data extraction.
- Elsewhere, new Zoom vulnerabilities have been discovered through the Pwn2Own 2021 hacking competition. The two researchers, Daan Keuper and Thijs Alkemade from Computest, won $200,000 for exposing a Zoom exploit that allowed remote code execution without user interaction. In the demonstration, the victim received a meeting invitation from the attacker without even clicking anything to trigger it.
Some of the negative outcomes that an organization faces
if a successful attack on a collaboration platform is carried out are as follows:
Product or proprietary information leakage or theft
PII information about employees or customers potentially being stolen or leaked
Exposure of financial information or classified and sensitive data being sent using these platforms
Phishing campaigns enabling intrusion and granting attackers access to sensitive systems
"Text here."
Text here
The Heart of the Problem
The vulnerability of collaboration apps is rooted in three main factors:
- A high velocity and volume of communications;
- Lack of true visibility into these communications; and,
- The inadequacy of manual monitoring
The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs and often contain links and attachments. In Zoom, users communicate through video conferences, in-meeting chats, and even IMs.
Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.
This renders collaboration tools black boxes. Security teams lack visibility and control, and secure collaboration tools can feel nonexistent. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on.
This is supported by a recent joint study conducted by research community Pulse and SafeGuard Cyber that surveyed 100 enterprise IT Security leaders. Key insights from the respondents of that study revealed:
Key insights from the respondents of that study revealed:
Lack of visibility (39%) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.
Only 10% of respondents have a tech stack that can fully detect and respond to threats in cloud applications outside of their network.
To ensure security and compliance on social media, collaboration, and mobile chat applications, most security teams (77%) turn to tools that restrict access to third-party communication apps.
"COVID-19 really expedited some of our conversations around modern channels and accelerating digital transformation."
Head of Product, Global100 Pharmaceutical Company
How to Address Cyber Threats
There are many simple, basic approaches to establish collaboration apps security in your organization:
Smarter Password Protection
According to Microsoft, activating Two-Factor Authentication (2FA) successfully blocks 99.9% of automated attacks, so all employees should be trained to use it wherever possible.
Constant Security Software Updates
Missing patches and late updates on your security software (e.g. firewalls) can lead to vulnerabilities in the system which hackers can explore and exploit. Constant updates and patches improve your security and prevent at least simple social engineering attempts.
Threat Detection and Security Training
If possible, staff should be trained on how to recognize potential threats such as phishing attacks on social media and email. If your company doesn’t offer it, you can find several free courses online.
However, companies will need a robust security solution, preferably one that can provide the following benefits:
- Enforced consistent policy application to all third-party collaboration tool users, no matter the device or network used to communicate with distributed employees or partners.
- Decreased MTTD/MTTR for all threats that arise across cloud-based collaboration and communication applications.
- A system that identifies, flags, and quarantines hard-to-identify threats such as third-party risks, social engineering, malware, data exfiltration, and insider threats.
- Centralized monitoring and response for threats across third-party cloud applications.
- Context and intent detection through language-agnostic ML, flexible policy customization, and behavioral analytics.
Agentless Architecture
Your solution should have a portable security layer extending to any instance, with visibility to detect internal and external message-level threats. Organizations benefit from rapid, scalable deployment, and gain time to value while eliminating the need to manage agents.
Unprecedented Visibility
Protect business-critical cloud communication environments, on any network or device. An effective cybersecurity solution should also be efficient, ensuring rapid MTTD/MTTR capabilities for all of your collaboration communications is necessary.
Agentless ArchitectureYour solution should have a portable security layer extending to any instance, with visibility to detect internal and external message-level threats. Organizations benefit from rapid, scalable deployment, and gain time to value while eliminating the need to manage agents.
Unprecedented VisibilityProtect business-critical cloud communication environments, on any network or device. An effective cybersecurity solution should also be efficient, ensuring rapid MTTD/MTTR capabilities for all of your collaboration communications is necessary.
Customizable and Automated Policy EnginePolicies that supervise threat detection and remediation response should be customizable at the admin level. Its distributed policy supervision should also have the ability to:
- Distinguish user groups
- Apply policies selectively to different groups, and;
- Designate different reviewers for each group
Language Agnostic MLWith the help of machine learning, an exceptional security solution should be language-agnostic, enabling multi-region readiness, and scalability. Configurable and transparent for auditable environments, an ML-powered solution can determine which risks to prioritize and respond to first. Behavioral analytics should also be available.
Threat ReportingFinally, your cybersecurity solution should allow access to actionable risk analytics and behavioral analytics in a consolidated view of all your cloud apps.
According to Finances Online, the online collaboration market worldwide is expected to increase further to $13.5 billion by 2024, with “teamwork apps” currently being the strongest growth segment. Naturally, more bad actors will see this as an opportunity to exploit organizations using collaboration applications for critical business communications.
With that in mind, closing the security gaps in your business communication tools is paramount. Ensuring collaboration app security is essential to protecting your enterprise against social engineering, ransomware, third-party risks, and insider threats. Your organization’s resilience depends on it.
"The biggest conundrom for organizations, especially in highly regulated industries, is actually not really the technology. That's usually something that they’re able to pull in. The challenge is about getting everybody on the same page, and then having everybody be part of that equation. But if you can do that, it’s a game-changer. That’s where there is the excitement and the passion, and that focus opens up a lot of opportunity for everybody."
Francie Rawlings, Former Global Lead at Pfizer
Emerging Market Business Technology
"In security, to be really good at the defense, you have to understand the offense."
Dr. Eric Cole
CEO, Secure Anchor
Featured Customer Story
Get the solutions brief to learn how to protect against third-party risk, social engineering, ransomware, and insider threats.
Customizable and Automated Policy Engine
Policies that supervise threat detection and remediation response should be customizable at the admin level. Its distributed policy supervision should also have the ability to:
- Distinguish user groups
- Apply policies selectively to different groups, and;
- Designate different reviewers for each group
Language Agnostic ML
With the help of machine learning, an exceptional security solution should be language-agnostic, enabling multi-region readiness, and scalability. Configurable and transparent for auditable environments, an ML-powered solution can determine which risks to prioritize and respond to first. Behavioral analytics should also be available.
Threat Reporting
Finally, your cybersecurity solution should allow access to actionable risk analytics and behavioral analytics in a consolidated view of all your cloud apps.
SafeGuardCyber Survey April, 2019
