Collaboration tools facilitate greater efficiency, but at what cost?
The sudden and global work from home directive led to massive growth in online collaboration tools and cloud storage services in 2020. The rapid uptake and expanded use of these tools meant that some IT and security teams were unable to sufficiently secure their businesses from the onslaught of cloud-related cyberthreats. With the hybrid workplace still lingering into 2021(and perhaps beyond), security teams should take special care to cover all the bases.
Remote collaboration tools skyrocketing in growth
Collaboration services saw an increase of 600%, with education, government and financial services experiencing dramatic shifts in usage
- According to research, Zooms experienced a 378% year over year growth, Teams increased by 300% and Slack usage increased by over 200%. [2]
- Microsoft also shared that some of its other cloud services were seeing growth as high as 775%. [3]
Enterprise communication and collaboration apps are creating cybersecurity blind spots
Yes, collaboration tools and cloud storage are undoubtedly vital, liberating resources in today’s circumstances. But these services are also creating security blind spots that are going unaddressed and creating major areas of vulnerability. Cyber criminals have responded to the upsurge in cloud usage with increased attacks and compromise of cloud credentials, with external attacks on cloud accounts increasing by over 630% [4]
Cloud usage from unmanaged devices has also doubled – with employees accessing corporate applications from personal devices while at home or on the go. [5] Notably, anomalous login attempts tripled since January 2020. [6] This includes brute-force attempts by cybercriminals, and also refers to excessive use from anomalous locations and logins from geographically distinct locations in a short period of time.
Cloud and collaboration-borne attacks
- Malicious file upload: According to Perception Point, cloud storage ‘is a tool where 60% of companies are sharing content with customers, suppliers and unmanaged third parties.’ [7] Threat actors can enter your cloud storage and collaboration tools via these outside sources – for example, they may compromise a suppliers access and sync a malicious file to your system via a shared folder.
- Impersonation: An attacker may compromise cloud credentials and gain access to a legitimate employee account. There have been reports of increased privacy concerns regarding applications such as Zoom and Teams, as cybercriminals have been known to also exploit software vulnerabilities and hijack virtual meetings. [8] Their aim here is to eavesdrop on conference calls, examine chat threads and obtain sensitive information they could use for further compromise.
Our recommendations: the time is now to secure your collaboration tools and cloud storage
Get back to basics
Be aware of shadow IT
Redefine information handling
Consider a multi-layered platform
A lot of businesses turn towards cloud access security brokers (CASB) because they largely act as a gatekeeper, actively monitoring access and data leakage by enforcing cloud-based security policy. However, CASBs are not traditionally designed for threat detection, and therefore could let bad actors slip through the cracks. At Content Security, we can help you find a unified platform that detects AND prevents threats across a whole host of systems. We assist clients with securing a variety of applications, such as Dropbox, Office365, SharePoint, Google Drive, Citrix, Slack, Teams and more.
References
- [1] Perception Point – The most popular at work apps are amongst the most vulnerable to cyber-attacks.
- [2] McAfee Cloud Adoption and Risk Report: Work from Home Edition.: pg.3.
- [3] Ibid: pg.2.
- [4] Ibid: pg.2.
- [5] Ibid: pg.4
- [6] Tech Radar – Cyber-attacks on collaboration tools see major increase.
- [7] Perception Point – Cloud storage security risks.
- [8] Bit Sight – Collaboration tools expose the remote office to new vulnerabilities.
For more information please contact our cybersecurity professionals today.
Recent news
Latest posts
Accelerating Your Zero Trust Journey with Converged Identity
21 August, 2024Securing Businesses through Cybersecurity Awareness
10 July, 2024Checklist for Enterprise Email Security
25 June, 2024