The new suite of cloud-based channels are powerful and exciting tools. However, as they come to play a key role in digital transformation strategies and central business processes, they become digital transformation risks.
Email has long been a digital security risk, and a favorite attack point for cyber criminals, state actors, and other adversaries. However, a significant portion of marketing, sales, and organizational communications now take place outside of email. These communications have moved over to the third-party cloud channels that are now crucial for both growth and internal operations.
The increased use of these external and internal cloud channels means that the organizational threat surface has expanded. This new surface spans a variety of new applications, each with its own demands and requirements. Every cloud channel possesses a different owner, reporting into a different line of business: CMO, CHRO, CIO, CRO, or CXO. Departmental ownership is similarly split. For example, IT sometimes oversees Slack and Teams; HR is usually the buyer for Facebook Workplace; Sales oversees Salesforce; Marketing oversees Instagram – and so on. This newly evolved threat surface introduces a new category of digital risk.
Digital risk refers to new forms of old threats faced by enterprise organizations that are increasingly dependent on cloud channels for productivity, customer engagement, and growth.
Today, third-party cloud channels are every bit as mission-critical as email. And they are every bit as threatened. Phishing research1 shows that organizations face social media attacks with approximately the same frequency as they face email spear-phishing and email BEC attacks.