Executive Summary

The healthcare and public health (HPH) sector is continuously implementing new digital transformation initiatives. The COVID-19 pandemic has only accelerated the sector’s need for digital tools and remote working solutions. However, the addition of these new tools has expanded their attack surface – and bad actors are exploiting this.

IBM reports that the healthcare industry is the most expensive sector in terms of data breach costs, amounting to $7.13M per month in 2020.

According to the February 2021 Healthcare Data Breach Report from the HIPAA Journal, there was a 40.63% increase in reported data breaches that month. The majority of these were hacking incidents.

Every such breach puts providers at risk of breaching regulations around patient data and patient confidentiality.

Securing digital applications is the only way for the industry to combat the growing threat of data breaches and hacking incidents.

With NextGen Compliance, healthcare institutions and hospitals can secure their patients’ data and information at scale. NextGen Compliance solutions offer comprehensive coverage of all cloud channels, mitigating risks. Moreover, it turns compliance into a new source of insights for patient communication and interaction. Compliance moves from being simply a cost center, to a new focus of revenue generation.

Executive Summary

Enterprise collaboration apps have, over time, become critical tools for businesses. The COVID-19 pandemic has only increased the demand for these “teamwork apps”. Because of that however, incidents of cyberattacks and digital threats have spiked.

The problem lies in the fact that these apps deal with a constant stream of threats. And the human users managing the apps are prone to error.

Addressing these cyberthreats should be a two-step process.

  • Educate the users (from the executives down to the employees) on the best practices around securing these applications.
  • Deploy a solution that enables 100% visibility and enhanced detection and response across the board.

It’s only then that companies can be as secure as possible, no matter what digital risk threatens them.

Graphic-Remote_Workforce_WFH (1)

Collaboration Tools Come with Security Risks

Over the years, enterprise communication and collaboration tools have become critical business tools for many organizations around the world.

The events of 2020, primarily around COVID-19, have pushed the envelope further. It was when these solutions saw a great rise in their usage numbers.

  • For the full fiscal year 2020, Slack achieved 12 million daily active users, along with a total revenue of around $630 million.
  • Microsoft Teams boasted 115 million daily active users. That number had risen over 50% in just six months.
  • By the end of 2020, Zoom had about 350 million daily meeting participants, compared to its 10 million participants during 2019.
spacing-1
Secure Collaboration Tools: Using Slack, MS Teams, and Zoom Safely
The growing threats & risks of cloud apps compel enterprises to secure collab tools by using them safely through cloud native defenses.
Learn More
Pillar Page_Secure Collaboration_cover page

But lately, we’ve been seeing clear signs of increased instances of social engineering, ransomware attacks, compliance violations, insider threats, and other third-party risks in these solutions. Major examples are as follows:

  • The 2021 EA Games Slack breach didn’t involve phishing, or sophisticated vulnerability scouting. All it allegedly took was a Slack authentication cookie. Cyberattackers reportedly leveraged a stolen cookie which they had purchased online for $10 to get inside the company’s Slack instance and, ultimately, the EA corporate network. As a result, the gaming giant saw 780GB of data stolen – including valuable source codes for some of their most popular game franchises.
  • A ransomware attack in May 2021 closed down the Colonial Pipeline and cut off fuel supply to millions of Americans, especially in the Mid-Atlantic. The DarkSide ransomware group reportedly took nearly 100Gb of data from the company’s network in two hours, part of the group’s double-extortion scheme hallmark attacks. FireEye suspects the hackers exploited the company’s Slack API as a communication mechanism to the C2 server.
  • Microsoft Teams has had its share of exposed digital risks too. Evan Grant, a researcher at Tenable, published a report about a zero-day vulnerability in Teams, describing a Teams PowerApps service bug that could have opened the door for malicious actors to craft their own PowerApps tabs, and allow them to steal authentication tokens and perform messaging impersonation and data extraction.
  • Elsewhere, new Zoom vulnerabilities have been discovered through the Pwn2Own 2021 hacking competition. The two researchers, Daan Keuper and Thijs Alkemade from Computest, won $200,000 for exposing a Zoom exploit that allowed remote code execution without user interaction. In the demonstration, the victim received a meeting invitation from the attacker without even clicking anything to trigger it.
spacing-1

Some of the negative outcomes that an organization faces
if a successful attack on a collaboration platform is carried out are as follows:

"Text here."

Text here

PODCAST_S02_E13_BrianSolis_v04

The Heart of the Problem

The vulnerability of collaboration apps is rooted in three main factors:

  • A high velocity and volume of communications;
  • Lack of true visibility into these communications; and,
  • The inadequacy of manual monitoring

The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs and often contain links and attachments. In Zoom, users communicate through video conferences, in-meeting chats, and even IMs.

Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.

This renders collaboration tools black boxes. Security teams lack visibility and control, and secure collaboration tools can feel nonexistent. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on.

This is supported by a recent joint study conducted by research community Pulse and SafeGuard Cyber that surveyed 100 enterprise IT Security leaders. Key insights from the respondents of that study revealed:

spacing-1
Why are these solutions extremely vulnerable? And what should companies do about it?

 

The Heart of the Problem

The vulnerability of collaboration apps is rooted in three main factors:

  • A high velocity and volume of communications;
  • Lack of true visibility into these communications; and,
  • The inadequacy of manual monitoring

The average Slack or Teams instance plays host to thousands or even tens of thousands of daily messages. These messages are exchanged at lightning speed, around the clock. They are sent in groups and DMs and often contain links and attachments. In Zoom, users communicate through video conferences, in-meeting chats, and even IMs.

Just one malicious message, amongst the thousands of interactions hosted by a Slack or Teams instance, can cause serious damage. However, collaboration tools’ nonstop flow of human interaction moves far too fast to be manually monitored. Scanning every message is simply not practical.

This renders collaboration tools black boxes. Security teams lack visibility and control, and secure collaboration tools can feel nonexistent. The activity proceeds at a consistent pace, but teams have no way to get their arms around everything that is going on.

This is supported by a recent joint study conducted by research community Pulse and SafeGuard Cyber that surveyed 100 enterprise IT Security leaders.

 

Key insights from the respondents of that study revealed:

39
%
Lack of visibility (39%) is the biggest challenge for security leaders who aim to maintain security and compliance across all business communications.

10
%
Only 10% of respondents have a tech stack that can fully detect and respond to threats in cloud applications outside of their network

77
%
To ensure security and compliance on social media, collaboration, and mobile chat applications, most security teams (77%) turn to tools that restrict access to third-party communication apps.

Key insights from the respondents of that study revealed:

"COVID-19 really expedited some of our conversations around modern channels and accelerating digital transformation."

Head of Product, Global100 Pharmaceutical Company

Messaging_Light

How to Address Cyber Threats

There are many simple, basic approaches to establish collaboration apps security in your organization:

However, companies will need a robust security solution, preferably one that can provide the following benefits:

  • Enforced consistent policy application to all third-party collaboration tool users, no matter the device or network used to communicate with distributed employees or partners.
  • Decreased MTTD/MTTR for all threats that arise across cloud-based collaboration and communication applications.
  • A system that identifies, flags, and quarantines hard-to-identify threats such as third-party risks, social engineering, malware, data exfiltration, and insider threats.
  • Centralized monitoring and response for threats across third-party cloud applications.
  • Context and intent detection through language-agnostic ML, flexible policy customization, and behavioral analytics.
spacing-1
Secure Teams on Digital Collaboration Apps
Manage cyber security & compliance for digital collaboration networks
Learn More
banner

You might find solutions that promise one of these capabilities, or even several, but it’s rare to find one that achieves all of these at once.

What would help, then, is to focus on key differentiating features that would be paramount to closing the security gaps of your business tools.

Here are features you should look out for:

AI icon

Agentless Architecture

Your solution should have a portable security layer extending to any instance, with visibility to detect internal and external message-level threats. Organizations benefit from rapid, scalable deployment, and gain time to value while eliminating the need to manage agents.

Visibility icon

Unprecedented Visibility

Protect business-critical cloud communication environments, on any network or device. An effective cybersecurity solution should also be efficient, ensuring rapid MTTD/MTTR capabilities for all of your collaboration communications is necessary.

Intelligence_DarkAgentless Architecture
 

Your solution should have a portable security layer extending to any instance, with visibility to detect internal and external message-level threats. Organizations benefit from rapid, scalable deployment, and gain time to value while eliminating the need to manage agents.

Visibility_DarkUnprecedented Visibility
 

Protect business-critical cloud communication environments, on any network or device. An effective cybersecurity solution should also be efficient, ensuring rapid MTTD/MTTR capabilities for all of your collaboration communications is necessary.

Remediation_DarkCustomizable and Automated Policy Engine
 

Policies that supervise threat detection and remediation response should be customizable at the admin level. Its distributed policy supervision should also have the ability to:

  • Distinguish user groups
  • Apply policies selectively to different groups, and;
  • Designate different reviewers for each group
ML_DarkLanguage Agnostic ML
 

With the help of machine learning, an exceptional security solution should be language-agnostic, enabling multi-region readiness, and scalability. Configurable and transparent for auditable environments, an ML-powered solution can determine which risks to prioritize and respond to first. Behavioral analytics should also be available.

Threat_DarkThreat Reporting
 

Finally, your cybersecurity solution should allow access to actionable risk analytics and behavioral analytics in a consolidated view of all your cloud apps.

 


 

According to Finances Online, the online collaboration market worldwide is expected to increase further to $13.5 billion by 2024, with “teamwork apps” currently being the strongest growth segment. Naturally, more bad actors will see this as an opportunity to exploit organizations using collaboration applications for critical business communications.

With that in mind, closing the security gaps in your business communication tools is paramount. Ensuring collaboration app security is essential to protecting your enterprise against social engineering, ransomware, third-party risks, and insider threats. Your organization’s resilience depends on it.

spacing-1
"The biggest conundrom for organizations, especially in highly regulated industries, is actually not really the technology. That's usually something that they’re able to pull in. The challenge is about getting everybody on the same page, and then having everybody be part of that equation. But if you can do that, it’s a game-changer. That’s where there is the excitement and the passion, and that focus opens up a lot of opportunity for everybody."

Francie Rawlings, Former Global Lead at Pfizer
Emerging Market Business Technology

ExecutiveProtection_Light_RGB
"In security, to be really good at the defense, you have to understand the offense."

Dr. Eric Cole
CEO, Secure Anchor

PODCAST_S02_E22_Dr.EricCole_v04-1
Collaboration Security Solutions Brief

Featured Customer Story

Get the solutions brief to learn how to protect against third-party risk, social engineering, ransomware, and insider threats. 

Download Now

Remediation icon

Customizable and Automated Policy Engine

Policies that supervise threat detection and remediation response should be customizable at the admin level. Its distributed policy supervision should also have the ability to:

  • Distinguish user groups
  • Apply policies selectively to different groups, and;
  • Designate different reviewers for each group
ML icon

Language Agnostic ML

With the help of machine learning, an exceptional security solution should be language-agnostic, enabling multi-region readiness, and scalability. Configurable and transparent for auditable environments, an ML-powered solution can determine which risks to prioritize and respond to first. Behavioral analytics should also be available.

Threat icon

Threat Reporting

Finally, your cybersecurity solution should allow access to actionable risk analytics and behavioral analytics in a consolidated view of all your cloud apps.

 
spacing-1
LEAD BUSINESS CHANGE WITH STRATEGIC PLANNING
 
Only 31% of organizations have a documented process for requesting a new app to be added to the approved list.
 

SafeGuardCyber Survey April, 2019

Executive
Information security is no longer just an IT issue. It’s an enterprise risk that affects every employee and every customer and, ultimately, the viability of the organization. Executives who lead business change do so by sitting down in the boardroom to give their fellow executives the confidence to make informed decisions around innovation and risk. They can bring the risk closer to home by conducting simulations, but it’s equally important that everyone around the table knows that the business cost of not using modern technology is often even higher than innovating quickly. Some studies placing the cost of failing to innovate at a 24% reduction in profitability.8
 
One of the best ways to lead business change is to embed information security team members in all core business processes. In larger companies, CISOs should delegate certain operations to specialists in each department who, in turn, report to executive management as part of an overarching information security strategy. This approach will not only help ensure that all corporate assets are accounted for; it will also help simplify risk management to drive faster innovation. By engaging with every facet of the organization, security teams will be better placed to lead business change and establish long-term development goals that help transform information security from a mere necessity to a growth enabler.
 
Secure Human Connections

Ready to see how SafeGuard Cyber secures modern communication apps wherever they exist?