Executive Summary


57% of organizations cite collaboration platforms such as Slack and Microsoft Teams as the tech stack representing the most risk. Since the start of 2020, the use of such tools has boomed. The digital workspace these tools create is highly vulnerable to a range of digital risks, including malware, spear phishing, insider threats, and compliance violations. This growing threat surface has compelled enterprises to seek technology solutions that can provide secure collaboration.

These collaboration platforms represent incredible opportunity to innovate across remote teams of employees and their third party contributors and, in many cases, directly with customers. But the explosion in use of these cloud-based tools has caught most enterprises off-guard; where they were once an adjunct to the enterprise, tools like Slack, Zoom, and Microsoft Teams have now become part of the new enterprise. Enterprises cannot and should not count on these brands to deliver the security levels they need to keep their people, data and brands safe. Brands simply must own their own security and compliance initiatives in the cloud and mobile workplace. What’s needed are a new generation of secure collaboration tools that are highly scalable, and provide full visibility, automated compliance, sandboxing, and other features. By integrating with the at-risk cloud channels, these tools provide companies with secure collaboration platforms.

Channels We Protect

zoom logo
The Acceleration of Digital Collaboration

Every savvy company learned long ago that managing projects over email is a nightmare. Collaboration tools like Slack and Microsoft Teams have been on the rise for a number of years, a rise encouraged by the normalization of distributed teams.

However, the COVID-19 pandemic drastically accelerated the use of collaboration tools. These cloud channels are experiencing an all-new operational centrality, across industries.

Plenty of other facts and figures that tell a similar story. These collaboration tools are now the norm of doing business. They are too powerful in facilitating daily operations to ever unwind from. They are here to stay. And they bring with them shadowy places into which traditional enterprise security and compliance tools are rendered ineffective. Full visibility into these channels requires monitoring deeply into the application, including into chat streams, forums and direct messages. These channels have become the new hotspot for cybercriminals, they know it’s an exposure and are rushing to capitalize on it before you can close the gap.

Today there is growing awareness that digital collaboration does not immediately confer secure and compliant collaboration. These tools create a digital workspace that is currently under-protected. As these tools are on-boarded by more and more companies, their weaknesses become more and more attractive to bad actors.

Risks in the Digital Workspace

According to our recent survey, 57% of organizations cite internal collaboration platforms as the tech stack representing the most risk. CISOs are right to be worried.

In early 2020, Cyberark discovered a vulnerability in Microsoft Teams. The attack utilized a weaponized GIF which, when viewed, began stealing data. A few months later, researchers discovered a Slack vulnerability that allowed attackers to smuggle malware and other malicious files into the environment. A flaw in the create snippet feature caused incorrect file type displays, and bad actors could potentially use it to introduce dangerous files as harmless ones.

These are just a couple of examples of how collaboration platforms have been targeted. Though such vulnerabilities are usually quickly patched, they also keep coming. And traditional cybersecurity techniques fail to offer a layer of protection against issues like this.

The vulnerability of collaboration platforms from three main factors:

  • A high velocity and volume of communications

  • Lack of true visibility into these communications

  • The inadequacy of manual monitoring

The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs; they often contain links and attachments.

Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.

This renders collaboration tools black boxes. Security teams lack visibility and control. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on. In this scenario, it is virtually a matter of time before one of the following digital risks arises:


 Malware-Malicious_DarkMalware & Ransomware


A simple click on a link is all it can take for malware or ransomware to strike. And bad actors are increasingly skilled at crafting innocent-looking URLs that draw people in. Malware can now be skillfully embedded within innocuous files: Word documents, PDFs, or any other format.

Frequently, the cause of malware or ransomware getting loose is pure accident. A staff member shares what they believe to be a legitimate site or a fun video – but they are unwittingly sharing a threat vector for malware. For example, they might share a file that someone they thought was a customer sent them on LinkedIn. However, this customer was a spear phisher, looking to gain access to the company infrastructure.

Alternatively, Slack or Teams instances frequently preserve the login credentials of former employees, or third parties, or other groups who may have reason to try and do harm to the enterprise. Most companies have no centralized way to manage account access in a systematized way.

Moreover, increasingly, ransomware possesses delayed mechanisms that allow them to evade initial detection. Even in the unlikely event that a manual review team casts an eye over an offending file or message, they might not spot it for what it is the first time around.

Phishing_DarkSpear Phishing & Account Takeover

Recent spear phishing campaigns have taken to targeting Microsoft Teams users through fake emails. These emails, which mimic automated notifications from a solution provider, point users to bogus login pages. There, bad actors collect and harvest legitimate login credentials from company employees. Most companies won’t be able to detect such account changes. They then won’t be able to recover the login credentials stolen from them.

Spear phishers exploit Slack vulnerabilities, as well. Ashley Graves, a Cloud Security Researcher at AT&T Alien Labs, describes how bad actors can abuse Slack webhooks to gain access to sensitive Slack data. They do this by crafting a phishing message which they send directly through a leaked webhook URL that leads to a Slack workspace. The message tricks the user into installing a malicious app that then exfiltrates data from the workspace. These sorts of threats will only get worse, with Slack upgrades allowing communication across different workspaces and business partners.

Senior executives are often the target of these attacks. Alternatively, a successful phishing attack can lead to a cybercriminal posing as an employee in your tools’ instance for weeks or months. The effect can be serious damage: financial and reputational.


Compliance_DarkCompliance and Risks

All modern companies enforce internal policies around employee communications. HR departments strive to prevent cyberbullying, hate speech, discrimination, and other threats to a harmonious workplace.

The rapid and widespread adoption of cloud collaboration platforms means that internal company communications are now chiefly digital. The issue is no longer how the staff is behaving in a physical meeting room, or around the water cooler. The issue is how they are conducting themselves on their Slack and Teams instance.

As we know from the example of Away, the luggage startup, internal communications can become very toxic and breach any sensible policy of employee conduct. However, the scale and speed of communications within collaboration tools makes it impossible to manually oversee things.

Case in point: A K-12 private school needed to establish a secure collaboration platform for its students and staff. However, they generate an average of 125,000 chat messages in a ten-day span. The school had to onboard dedicated software to help them detect incidences of cyberbullying and digital harassment.

Insider_DarkInsider Threats

76% of executives admit that insider threats are what they worry about the most. Collaboration platforms play host to very sensitive company information. On Slack or Teams, staff exchange strategic plans, legal documents, financial reports, and other material that they would hate to see leaked. This free flow of sensitive information makes a secure collaboration platform paramount.

Hundreds of thousands of data breaches happen every year, and about 90% of these are due to insiders. The breach could come from anywhere. It could be a complete accident. Or it could come from third party users with bad intentions. But when people are handling sensitive information in a siloed environment, unfortunately, it is a matter of time before someone breaches the silo. When that happens, enterprises no longer have a way of detecting where their sensitive files have gone or what they have triggered.

How to Secure Collaboration

Collaboration tools usually possess systems designed to guard entry to instances. Microsoft Teams, for example, enforces “team-wide and organization-wide two-factor authentication, single sign-on through Active Directory, and encryption of data in transit and at rest.” However, such measures do not address inherent digital risks within the platform. For this reason, most businesses rely on CASBs (cloud access security brokers) for infrastructure protection.

However, CASBs have gaps of their own:

  • A blind gap with message and attachment visibility. CASBs cannot see the contents of these, leaving open doorways to digital risks.

  • A coverage gap for natural language processing. CASBs cannot glean context clues regarding data loss, harassment, and other compliance risks.

  • A measurement gap around data archiving and legal readiness. SIEMs, often used as “buckets” for CASB logs, do not help legal teams needing searchable records and full audit trails.

CISOs need real secure collaboration tools to augment their CASBs. This means integrating channels like Slack and Teams with software crafted to provide protection. This protection should follow these principles:

Visibility_DarkTotal Visibility 

Enterprises need 100% visibility in order to secure team collaboration environments. From direct chats to larger conversation threads on channels, organizations need the ability to continuously monitor, scan, and detect digital threats and risks. Instantaneous vetting of messages, links, attachments, and even GIFs is a must. Companies must employ digital risk protection solutions that ensure total, round-the-clock coverage.

Malware-Malicious_DarkMalware Detection and Analysis

Much modern malware possesses algorithms that delay attacks. This allows the malware to avoid detection for a few days before unspooling. To address this, a secure cloud collaboration solution with next-generation sandboxing that performs a full execution path unfold is required. This capability fully unpacks all data and files within your system, unraveling and capturing even the most sophisticated malware. The platform should also be able to notify the console and SOC for the review and resolution process. 

Policy_DarkCustomizable Policies

Every organization in every industry deals with different digital risk pressures. That means each enterprise should tailor their own internal standards and policies. When establishing protocols for secure collaboration, enterprises must deploy risk management solutions that allow complete and bespoke policy customization. Companies need the power to quickly apply these policies across their entire collaboration channel. 

Compliance_DarkAutomated Compliance

The capacity to dish out tweaks, updates, and renewals to customized policies is also a must. Enforcing this policy must happen automatically, via machine learning, without any oversight required. This way, possible compliance violations are immediately flagged, without delay.

Technology_DarkScalable Technologies 


Solutions providing secure collaboration must have no ceiling. An increasing number of enterprises are onboarding collaboration tools. Companies are hiring all the time. This means the amount of messages and activity within these channels are only going to grow in scale. Security solutions must take advantage of AI and machine learning in order to face zero restrictions on scalability.

Secure Human Connections

Ready to see how SafeGuard Cyber drives business transformation?