Business communications has changed significantly over recent years. The Covid pandemic accelerated the shift to remote and hybrid work with tools such as Slack, Teams and Zoom creating new ways for dispersed teams to communicate and collaborate. In parallel, other messaging platforms such as WhatsApp and Signal became de facto business communication tools as employees did whatever they could to maintain contact and productivity.
These platforms were rapidly deployed with productivity driving their uptake while security as relegated to the back seat. This created new risks that organisations need to recognise and mitigate.
Garrett O'Hara, the Senior Director of Sales Engineering for APAC at Mimecast says email is still a major attack vector, but other platforms are getting threat actors' attention.
“The backbone of any kind of intercompany communication is still email but we’ve seen many workloads shift to other messaging platforms. The problem is that attacks can occur wherever communication happens.”
The starting point for mitigating these new and emerging risks is focusing on three key elements: anywhere the communications happening, anywhere data is stored and anywhere people are working on data. Security leaders must implement controls that are appropriate for their budgets, work practices and risks when taking these three things into account.
While cloud platforms offer great benefits, organisations need to be aware of the new risks they may introduce. When organisations use cloud-based backup solutions, collaboration platforms or file syncing services, they create multiple copies of their data that need to be secured. And with local caches and the use of different devices including smartphones, laptops and home computers, keeping track of where data is becomes extremely complex.
“Managing data has always been challenging,” says O’Hara. “The magic of cloud platforms is that they simplify many processes. But the map of where data lives is increasingly complex.”
As the number of communication and collaboration tools proliferates, the attack surface threat actors are targeting is expanding. Organisations must protect data when it's at rest, while in flight and while it is being used. Creating a protected workplace that ensures malicious links and documents are not clicked on or shared is critical for thwarting cybercriminals.
Read the full State of Security Report here: