Ransomware_0357% of organizations cite collaboration platforms such as Slack and Microsoft Teams as the tech stack representing the most risk. Since the start of 2020, the use of such tools has boomed. The digital workspace these tools create is highly vulnerable to a range of digital risks, including malware, spear phishing, insider threats, and compliance violations. This growing threat surface has compelled enterprises to seek technology solutions that can provide secure collaboration.

The most effective secure collaboration tools are highly scalable, and provide full visibility, automated compliance, next-gen sandboxing, and other features. By integrating with the at-risk cloud channels, these tools provide companies with secure collaboration platforms.
Every savvy company learned long ago that managing projects over email is a nightmare. Collaboration tools like Slack and Microsoft Teams have been on the rise for a number of years – a rise encouraged by the normalization of distributed teams. 

However, the COVID-19 pandemic drastically accelerated the use of collaboration tools. These cloud channels are experiencing an all-new operational centrality, across industries. 
 
  • For the full fiscal year 2020, Slack currently expects total revenue of around $622 million. This represents year-over-year growth of 55.5%.

  • As of October 2020, Microsoft Teams boasted 115 million daily active users. That number had risen over 50% in just six months.
Spear-Phishing_03

Plenty of other facts and figures that tell a similar story. These collaboration tools are now the norm of doing business. They are too powerful in facilitating daily operations to ever unwind from. They are here to stay.
 
However, enabling digital collaboration does not immediately confer secure collaboration. These tools create a digital workspace that is currently under-protected. As these tools are onboarded by more and more companies, their weaknesses become more and more attractive to bad actors. This is a bad combination.
According to our recent survey, 57% of organizations cite internal collaboration platforms as the tech stack representing the most risk. CISOs are right to be worried.

In early 2020, Cyberark discovered a vulnerability in Microsoft Teams. The attack utilized a weaponized GIF which, when viewed, began stealing data. A few months later, researchers discovered a Slack vulnerability that allowed attackers to smuggle malware and other malicious files into the environment. A flaw in the create snippet feature caused incorrect file type displays, and bad actors could potentially use it to introduce dangerous files as harmless ones.

These are just a couple of examples of how collaboration platforms have been targeted. Though such vulnerabilities are usually quickly patched, they also keep coming. And traditional cybersecurity techniques fail to offer a layer of protection against issues like this.
SGC - Pillar Page Graphics_graphic 1
The vulnerability of collaboration platforms from three main factors:
  • A high velocity and volume of communications
  • Lack of true visibility into these communications
  • The inadequacy of manual monitoring
The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs; they often contain links and attachments.
 
Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.
Spear-Phishing 2-05
 
This renders collaboration tools black boxes. Security teams lack visibility and control. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on. In this scenario, it is virtually a matter of time before one of the following digital risks arises:

icon_detect-threatsMalware & Ransomware

A simple click on a link is all it can take for malware or ransomware to strike. And bad actors are increasingly skilled at crafting innocent-looking URLs that draw people in. Malware can now be skillfully embedded within innocuous files: Word documents, PDFs, or any other format.
 
Frequently, the cause of malware or ransomware getting loose is pure accident. A staff member shares what they believe to be a legitimate site or a fun video – but they are unwittingly sharing a threat vector for malware. For example, they might share a file that someone they thought was a customer sent them on LinkedIn. However, this customer was a spear phisher, looking to gain access to the company infrastructure.
  Ransomware_03-1
 
Alternatively, Slack or Teams instances frequently preserve the login credentials of former employees, or third parties, or other groups who may have reason to try and do harm to the enterprise. Most companies have no centralized way to manage account access in a systematized way.
 
Moreover, increasingly, ransomware possesses delayed mechanisms that allow them to evade initial detection. Even in the unlikely event that a manual review team casts an eye over an offending file or message, they might not spot it for what it is the first time around.

icon_detect-threatsSpear Phishing & Account Takeover

Recent spear phishing campaigns have taken to targeting Microsoft Teams users through fake emails. These emails, which mimic automated notifications from a solution provider, point users to bogus login pages. There, bad actors collect and harvest legitimate login credentials from company employees. Most companies won’t be able to detect such account changes. They then won’t be able to recover the login credentials stolen from them.
 
Digital Risk Survey

 

Spear phishers exploit Slack vulnerabilities, as well. Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs, describes how bad actors can abuse Slack webhooks to gain access to sensitive Slack data. They do this by crafting a phishing message which they send directly through a leaked webhook URL that leads to a Slack workspace. The message tricks the user into installing a malicious app that then exfiltrates data from the workspace. These sorts of threats will only get worse, with Slack upgrades allowing communication across different workspaces and business partners.
 
Senior executives are often the target of these attacks. Alternatively, a successful phishing attack can lead to a cybercriminal posing as an employee in your tools’ instance for weeks or months. The effect can be serious damage: financial and reputational.

icon_detect-threatsCompliance Threats

All modern companies enforce internal policies around employee communications. HR departments strive to prevent cyberbullying, hate speech, discrimination, and other threats to a harmonious workplace.
 
The rapid and widespread adoption of cloud collaboration platforms means that internal company communications are now chiefly digital. The issue is no longer how the staff is behaving in a physical meeting room, or around the water cooler. The issue is how they are conducting themselves on their Slack and Teams instance.
 
As we know from the example of Away, the luggage startup, internal communications can become very toxic and breach any sensible policy of employee conduct. However, the scale and speed of communications within collaboration tools makes it impossible to manually oversee things.
 
Spear-Phishing_03-1
 
Case in point: A K-12 private school needed to establish a secure collaboration platform for its students and staff. However, they generate an average of 125,000 chat messages in a ten-day span. The school had to onboard dedicated software to help them detect incidences of cyberbullying and digital harassment.

icon_detect-threatsInsider Threats

76% of executives admit that insider threats are what they worry about the most. Collaboration platforms play host to very sensitive company information. On Slack or Teams, staff exchange strategic plans, legal documents, financial reports, and other material that they would hate to see leaked. This free flow of sensitive information makes a secure collaboration platform paramount.
 
Digital-Risk-Survey_03-1
 
Hundreds of thousands of data breaches happen every year, and about 90% of these are due to insiders. The breach could come from anywhere. It could be a complete accident. Or it could come from third party users with bad intentions. But when people are handling sensitive information in a siloed environment, unfortunately, it is a matter of time before someone breaches the silo. When that happens, enterprises no longer have a way of detecting where their sensitive files have gone or what they have triggered.
Collaboration tools usually possess systems designed to guard entry to instances. Microsoft Teams, for example, enforces “team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest.” However, such measures do not address inherent digital risks within the platform. For this reason, most businesses rely on CASBs (cloud access security brokers) for infrastructure protection.
comms
However, CASBs have gaps of their own:
  • A blind gap with message and attachment visibility. CASBs cannot see the contents of these, leaving open doorways to digital risks.
  • A coverage gap for natural language processing. CASBs cannot glean context clues regarding data loss, harassment, and other compliance risks.
  • A measurement gap around data archiving and legal readiness. SIEMs, often used as “buckets” for CASB logs, do not help legal teams needing searchable records and full audit trails.
CISOs need real secure collaboration tools to augment their CASBs. This means integrating channels like Slack and Teams with software crafted to provide protection. This protection should follow these principles:

check_oTotal Visibility

Enterprises need 100% visibility in order to secure team collaboration environments. From direct chats to larger conversation threads on channels, organizations need the ability to continuously monitor, scan, and detect digital threats and risks. Instantaneous vetting of messages, links, attachments, and even GIFs is a must. Companies must employ digital risk protection solutions that ensure total, round-the-clock coverage.
 

check_oMalware Detection and Analysis

Much modern malware possesses algorithms that delay attacks. This allows the malware to avoid detection for a few days before unspooling. To address this, a secure cloud collaboration solution with next-generation sandboxing that performs a full execution path unfold is required. This capability fully unpacks all data and files within your system, unraveling and capturing even the most sophisticated malware. The platform should also be able to notify the console and SOC for the review and resolution process.
 

check_oCustomizable Policies

Every organization in every industry deals with different digital risk pressures. That means each enterprise should tailor their own internal standards and policies. When establishing protocols for secure collaboration, enterprises must deploy risk management solutions that allow complete and bespoke policy customization. Companies need the power to quickly apply these policies across their entire collaboration channel. 
 

check_oAutomated Compliance

The capacity to dish out tweaks, updates, and renewals to customized policies is also a must. Enforcing this policy must happen automatically, via machine learning, without any oversight required. This way, possible compliance violations are immediately flagged, without delay.

 

check_oScalable Technologies

Solutions providing secure collaboration must have no ceiling. An increasing number of enterprises are onboarding collaboration tools. Companies are hiring all the time. This means the amount of messages and activity within these channels are only going to grow in scale. Security solutions must take advantage of AI and machine learning in order to face zero restrictions on scalability.
SGC - Pillar Page Graphics_end2