Throughout 2022, we've seen devastating attacks target enterprises by social engineering their employees. These attacks are low-cost for threat actors, but offer high rewards by gaining privileged access quickly. Email still plays a large part, but this year we saw a further weaponization of business communication infrastructure, such as targeting employees and contractors on LinkedIn and WhatsApp, and moving laterally through Slack.
Fortunately, our work with customers has shown us that security leaders are waking up to the need for greater visibility and control across their entire communications environment. We have seen a broader recognition that layering multiple security solutions around email while Teams and Slack remain opaque is like bolting the front door while the windows remain open. In short, our security customers now see a need to continuously measure and secure their data against business communications risk.
In 2023, we will see malicious actors attack more frequently and escalate their tactics and techniques around communication. Based on our frontline experiences, here are SafeGuard Cyber's top five predictions for how business communication risk will increase in 2023.
The Death of Email: Modern workforces will continue to choose unsecured communications channels.
If an employee feels like their security and compliance solution is curtailing their freedom to communicate effectively and efficiently, chances are they’ll find another way to circumvent the process and monitoring tools. Around 45% of business communication happens in digital channels outside of email. This is a trend that will escalate in 2023.
Digital natives in particular are still not open to fully following cybersecurity protocols, and frequently communicate via channels outside of email. The reasons for this behavior are many but include:
- The security protocol slows tasks and operation progress with long, tedious authentication processes.
- It hinders productivity by restricting access to documents and data that teams or individuals might need to complete a task.
- Constant monitoring induces anxiety and raises stress levels because of the feeling of "being watched."
- Privacy seems moot when your security solution flags every message on your platform and sends it to IT security personnel for evaluation.
LinkedIn will become the most prevalent non-corporate communication channel for data leaks due to new jobs on the market and economic headwinds.
Increased layoffs across the globe will lead to job seekers using messaging channels to communicate with potential employers, specifically LinkedIn messenger. Departing employees are far more likely to share critical information and data about their former employer in these communications.
In many cases, job seekers will be looking for similar positions and will believe that sharing specific data from their former company will give them a leg up in landing their next gig.
2023 will see an increase in email phishing campaigns that lead to third-party supply chain ransomware attacks against enterprise Slack or Teams instances.
Phishing attacks are becoming more collaborative and span multi-channel communications. An attacker will need to impersonate trusted personas across several communication channels to gain trust from the target. Attackers are looking for any way into an organization. And they are becoming better at language-based attacks that travel across communication channels, making it easy to deliver ransomware in unmonitored collaboration applications. We believe this year's MFA fatigue attacks are just the start, and hardware keys will not be a silver bullet against more sophisticated social engineering attacks.
Attackers will use credentials acquired from the dark web to infiltrate a corporate communication channel like Zoom or Slack for a major financial institution, which will lead to compromising data about executives within the organization.
Once an attacker obtains credentials, they will then log into a corporate channel that is not monitored with security controls and will be able to operate within it for hours unnoticed. This gives them ample time to observe and/or exfiltrate sensitive data.
A similar real-world example occurred in September when an attacker compromised an Uber employee’s credentials and then revealed themselves in the corporate Slack channel. In 2023, there will be a direct correlation between compromised accounts, whether stolen or sold, and attacks on organizations through minimally observed communication and collaboration channels.
Corporate attacks and breaches through targeted personal communications go mainstream and increase tension between employees and employers.
Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis. Cybercriminals are targeting high value employees on LinkedIn, Telegram, and WhatsApp to infiltrate enterprises. Employers are struggling to enforce mandates and policies but will have to weigh the cyber risks against employees' data privacy. In short, the "personal" and "professional" boundary will continue to evaporate.
How to Protect Your Organization
Looking ahead to 2023, here are ways organizations should consider assessing and securing against business communications risk:
- Ensure visibility across all communication channels
  - Reducing the risk present in business communication tools begins with visibility. You can’t protect your organization from attacks you can’t see.
  - Even without technical controls in place today, you can get started with this checklist.
- Implement robust detection capabilities
  - Once monitoring is in place, detection capabilities must be added to all communication channels. This must include the ability to detect the context and intent of human communications. Many of today’s attacks involve more sophisticated social engineering techniques, which are difficult to detect using traditional signature-based tools.
- Integrate response actions to block attacks
  - With monitoring and detections in place, the final step to protecting against sophisticated BCC attacks is to add integrations with communication channels and IAM solutions to allow rapid response. This must include manual actions that security personnel can initiate, as well as automated actions when threat levels are high and/or risk to the business is significant.