In a recent interview with the Cybercrime Magazine Podcast, SafeGuard Cyber CTO & President, Otavio Freire, and Dr. Alissa (Dr. Jay) Abdullah, SVP & Deputy CSO at Mastercard, joined host Steve Morgan to discuss how the increased adoption of social media, collaboration, and messaging applications has increased cybersecurity risk for many organizations.
During the conversation, Otavio cited how the rapid adoption of digital communication applications has elevated the risk profile for organizations, noting that it is easier for cybercriminals to conduct social engineering attacks on these apps, as opposed to on more secured platforms.
Otavio said that digital communication apps fall into a grey area of security within many organizations, and hackers know this. “They are taking advantage of this grey area to often breach the enterprise as we’ve seen with Operation Sharpshooter, Pegasus, and other campaigns,” he said.
Dr. Abdullah observed that since social media applications are often only used by the marketing and sales teams within many organizations and not enterprise-wide, that may explain why we find a real lack of security posture for them. In many cases, she says, they are only being governed by non-disclosure agreements and corporate policies.
Dr. Abdullah also offered repeated concern and caution about using corporate credentials, such as Gmail accounts, to log into social media and other cloud-based communication applications. If you do, she warns, you are giving away a token, and anybody who has access to that token and goes rogue can impersonate you. User and account impersonations are serious threats to be wary of, she says.
Other factors that emerged in the interview for supporting increased security of unsanctioned, cloud-based applications included the rapid acceleration of their adoption following the COVID-19 pandemic and how many organizations weren’t prepared for this from DLP and insider threat perspectives, with a lack of controls to safeguard their data. Research citing the correlation between additional security for digital communication apps, and better productivity and growth for organizations, was also discussed.
You can listen to this Cybercrime Magazine Podcast episode in its entirety here.