The 2020’s office exodus to a work-from-anywhere environment was accelerated by the pandemic, but it was a change that was already in progress. Remote work offers greater flexibility and has introduced new solutions for collaboration and communication.
Applications such as Slack, Zoom, and Microsoft Teams are now all heavily leveraged for collaboration with internal teams and external partners. Companies and their newly distributed teams have come to heavily rely on cloud-based collaboration apps to connect work-from-home workforces. Now, even as offices reopen, these applications remain mission-critical, especially in hybrid work settings.
Unfortunately, the quick pivot to third-party apps has increased cybersecurity risk for companies and their employees. More outside access points mean an expanded attack surface for bad actors. Social engineering, ransomware attacks, insider threats, and third-party risks are all dangers that organizations need to protect against in their use of collaboration tools. In fact, phishing, malware attacks and other cybercrime spiked in 2020. The FBI’s cybercrimes office fielded between 3,000 and 4,000 reports daily last year.
With bad actors stepping up their attacks, companies need to continue prioritizing the safety and security of employees and their data. If you’re looking for insights on exactly how to shore up security for collaborative cloud-based apps, here are five cybersecurity experts worth following.
Irwin Lazar, President and Principal Analyst, Metrigy
LinkedIn | Twitter
With 20 years of experience in cybersecurity, workplace collaboration and consulting, Irwin is uniquely qualified to talk about the current trends in remote and hybrid work. He was talking about the “digital workplace” long before it became a pressing concern in 2019, and brings a vast wealth of practical experience to bear on the discussion.
In his recent blog, Securing Human Connections in Workplace Collaboration, Irwin describes how the advent of cloud apps and digital workplaces requires rethinking cybersecurity. It’s no longer possible to establish a rigid network perimeter and protect it, while allowing free access within that perimeter. Rather, Irwin says,
“The reality for many companies is that the collaborative landscape is more diverse than ever before. This new paradigm has created significant challenges in managing risk, and for those responsible for governance, compliance, and security. These challenges are exacerbated not just by the increasing number of apps, but also by the collaboration functions offered by them.
For example, today most meeting applications now support in-meeting chat, file sharing, and transcription, creating content that requires protection and governance. Collaboration and communication channels that span company boundaries create additional concerns from potential data leakage and the need to manage external access. And, the growing use of consumer channels means that conversations are happening in applications outside of IT’s control.”
It comes down to creating a safe medium of exchange—whether those exchanges are text, video, raw data or some other important digital asset. Leaving digital communication channels unguarded compromises everyone using them.
Ideally, your security solution can help prevent malware and ransomware from propagating throughout your business communication channels and collaboration platforms by detecting malicious files and links, automatically alerting security operations, and removing the content before the malware is installed or shared with more employees.
Doug Cahill, VP, Analyst Services and Senior Analyst at Enterprise Strategy Group
LinkedIn | Twitter
Doug’s voice is a strong one in the cloud cybersecurity conversation. His area of focus is predominantly cloud-native security, including secure DevOps methodologies, and he has decades of background to lend credence to his contributions to a safer, more secure distributed workforce. Doug is an influential voice when it comes to understanding ever-evolving modes of cyberattack and the measures companies need to shore up their cloud infrastructure against them.
Doug’s insights during the shift to work-from-home (WFH) and his understanding of the Identity Perimeter makes him an authority worth following. In an article on enterprise cloud security trends, Doug highlights the big picture for what many companies are going through right now. He says, “cloud security has reached a tipping point by virtue of the fact that both SaaS and internally developed cloud-native applications now perform business-critical functions. In turn, cloud security can no longer be a siloed discipline in which separate teams employ separate controls to secure separate environments.”
According to Doug, cohesion and synergy are paramount for cybersecurity and the many facets of business that rely on it. It’s up to DevOps to de-silo cybersecurity, to make it a mission-critical part of a business’ core operations—whether they happen in-house or through SaaS and third-party partnerships.
One essential part of de-siloed cybersecurity is Data Loss Protection (DLP). The right solution can detect when sensitive information is disclosed in communications, automatically alerting security operations to protect against further unauthorized use and transmission of confidential information.
Dr. Eric Cole, Cybersecurity Consultant, Virtual CISO
LinkedIn | Twitter
Dr. Eric Cole is on the front lines of cloud cybersecurity, shepherding businesses to safer pastures. Dr. Cole has been very vocal about the need for enterprise companies to be proactive in embracing cybersecurity measures, and is the industry’s de-facto authority on c-suite cybersecurity leadership. He’s best known for training Chief Information Security Officers (CISOs), with an emphasis on cloud security. He preaches not only preparedness, but also a keen understanding of the specific risk factors businesses face.
When asked about risk, Dr. Cole says, “risk focuses on threats and vulnerabilities. Here's the risk formula: risk (the probability of loss) = threats (the potential for harm) X vulnerabilities (weaknesses or exposures). As CISOs, we don't control the threats, but we can control the vulnerabilities and weaknesses.” Dr. Cole works to bring a level of simplicity to CISO training and cybersecurity solutions. Even though cloud-based cybersecurity is a tremendously complex and evolving topic, he believes that many times, the risks (and their solutions) are simple to understand.
Risk assessment and prevention start at the top. It’s why Dr. Cole takes specific care in training CISOs. As business operations become more and more decentralized and cloud-based, CISOs and other c-suite leaders will bear the burden of reducing risk through strategic assessment of threats and vulnerabilities.
A security solution that offers visibility, detection and response capabilities for cloud communication apps can help CISOs stay on top of the emerging threat landscape. Teams must secure the business by protecting the human attack vector from targeted threats across enterprise communication and collaboration platforms.
Bob Carver, Principal Cybersecurity Threat Intelligence and Analytics at Verizon
LinkedIn | Twitter
As the Principal Cybersecurity Threat Intelligence and Analytics expert for one of the world’s largest telecom companies, people listen when Bob Carver speaks about cloud security! While most cybersecurity experts are talking about how to prevent data breaches, Bob is autopsying recent breaches and performing postmortems to figure out how they happened. Then, he goes hunting for weaknesses to prevent the next big cybercrime event.
In an article about Cybersecurity Predictions , Bob argues that understanding threats is only the start—companies need to act against them, not wait to be impacted by them. He says, “there needs to be continued use and advancement in these detection and mitigation mechanisms; but like any other methodology, these methods by themselves are not a silver bullet to solve all of our cyberattacks. They are simply tools in the toolbelt that can be utilized for great good.”
Companies shouldn’t wait to be Bob’s next case study. Instead, they need to implement best practices and strategic solutions proactively. As Bob says, there’s no silver bullet; however, there is a growing arsenal of protections businesses can and should tap into. One often-overlooked area of vulnerability: enterprise collaboration applications. The right security solution should manage day-to-day risk in business communication beyond simply protecting email.
Holly Ridgeway, EVP Chief Security Officer at Citizens Financial Group, Inc.
A Certified Information Systems Security Professional (CISSP), Holly Ridgeway is also the EVP Chief Security Officer at Citizens Financial Group, Inc. As finance remains one of the highest-targeted industries for cyberattacks, her work exposes her to cybersecurity threats on a regular basis. Holly’s tenure in cybersecurity also extends to time as the Managing Director of Information Security Programs at FireEye/Mandiant—one of the most renowned cybersecurity firms in the world. Safe to say, she has intimate familiarity with the modern threats facing cloud collaborators.
An adjunct professor at the University of Maryland Global Campus, Holly has been educating people about cybersecurity, IT management, and IT assurance for nearly 15 years. She believes that modern cybersecurity is equal parts education and intelligent software application:
“One of the best assets businesses have is a properly educated workforce that can identify threats such as social engineering, phishing, or malicious emails. These are common tactics threat actors use, and a vigilant workforce that reports threats effectively can significantly increase the efficiency of a cyberdefense team.
“Security professionals should also be deploying data analytics, overlaid with cultivated and vetted threat intelligence and sound workflows that allow for timely and effective response actions. Automation and orchestration are key components, but all alerts and triage actions need to be conducted by a trained analyst with intimate knowledge of the organization’s network.”
The takeaway? Investment in cybersecurity personnel and education is just as important as building a security tech stack. Augment staff training with a solution that detects the early stages of communication-based attacks.
A Future of Secure Collaboration
Companies that rely on cloud-based collaboration software and third-party communication applications need to cope with the growing threat of social engineering, ransomware, third-party risks, and insider threats. Understanding these threats, assessing risk, educating employees, and adopting a security solution to manage day-to-day business communication risk are all prevalent actions companies need to take.
Wondering how to stay ahead of threats and protect employees and data effectively? Follow the above five cybersecurity experts and take their insights and advice to heart.
To learn how Safeguard Cyber can protect your digital channels, request a demo today.