Threat Intelligence

    Collaboration Security: Managing the Risks of Modern Platforms

    The rapid and broad adoption of collaboration tools has opened companies of all sizes to costly attacks, according to new Mimecast research.

    by Garrett O’Hara

    Key Points

    • Collaboration platforms enabled remote work during the pandemic and are now essential to today’s work-from-anywhere environment.
    • But 94% of organizations surveyed experienced a threat via collaboration tools.
    • Shoring up defenses against collaboration-tool compromise has become a central imperative.
    • On average, cleaning up after these attacks costs companies more than a half-million dollars per attack.

    A new generation of collaboration tools and platforms were essential to enabling the now-prevalent remote- and hybrid-work models that power today’s work-from-anywhere world. But these technologies have also opened up organizations to a new form of fast-rising cybersecurity risk.

    As companies adopt cloud-based collaboration technologies en masse, these platforms are becoming high-value targets for cybercriminals seeking efficiencies of scale. The centralized infrastructure and common vulnerabilities of widely adopted collaboration and communication services offer bad actors an opportunity to focus their efforts for greater return. And, according to a new report commissioned by Mimecast, that’s exactly what they’re doing. 

    The global survey of 600 security leaders and more than 3,000 employees finds that an overwhelming majority of organizations — 94% — have experienced a threat via collaboration tools. And the impact is hardly trivial, costing companies hundreds of thousands of dollars in direct financial damages and untold more in hits to reputation, productivity, and employee and customer experience.

    The Toll of Collaboration Tool Compromise

    The Mimecast survey is one of the first to put a dollar value on the damages companies are incurring from collaboration tool attacks. The average cost of these attacks over the last year for those surveyed was approximately $575,000, which includes the expense of additional security measures, added staff, and systems recovery. For nearly one-third of U.S. respondents, the financial impact climbed to more than $1 million.

    Small and medium-sized businesses (SMBs) suffered less from a dollar-value standpoint than their larger counterparts, but that may be because they have less to spend on countermeasures. But relative to SMBs’ lower revenue, the losses are likely just as painful — if not more so.

    The Rush to Remote: Time to Close the Cyber Gaps 

    As with any cyber risk, human behavior is the primary enabler of successful collaboration tool exploits. But the survey shows that, in the urgency to enable remote work during the pandemic, most organizations did a poor job of providing effective cybersecurity awareness training for collaboration tools.

    While 100% of cybersecurity leaders say they offer collaboration tool security training, and 85% say their organizations have effectively communicated the risks and realities of collaboration tools to their workforces, employees tell a different story. Just one in 10 employees say they received dedicated collaboration tool security training (beyond the general cybersecurity training their organization offers). And more than one-third say they received no collaboration tool security training at all. Results for SMBs were worse.

    The lack of attention to cybersecurity training for collaboration platforms, in combination with employees’ lax behavior when using the tools, is a recipe for avoidable risk. As an example, employees are less likely to check the legitimacy of an unfamiliar website, attachment, or source that comes their way via a collaboration platform than they are when it arrives via email. The Mimecast report found that employees were not only more likely to be taken in by cyber threats via collaboration tools, they were also less likely to feel responsible for resulting breaches. 

    These findings, which the full report outlines in greater detail, are troublesome. But they also point to some obvious steps companies can take to shore up their protection against collaboration-tool compromise.

    The Bottom Line 

    Collaboration platforms are catnip for cybercriminals, while most employees are ill-equipped to understand their risks. But companies around the world now depend on these tools, making it essential that they provide dedicated collaboration tool cybersecurity training, monitor the use of collaboration platforms within their organizations, and invest in cybersecurity solutions designed to secure collaboration and communication platforms. Read more about the challenges and emerging best practices for protecting your organization in the new Mimecast report, Collaboration Security: Risks and Realities of the Modern Work Surface.

    Subscribe to Cyber Resilience Insights for more articles like these

    Get all the latest news and cybersecurity industry analysis delivered right to your inbox

    Sign up successful

    Thank you for signing up to receive updates from our blog

    We will be in touch!

    Haut de la page