The Changing Nature of Work
of North American office workers worked from home more than one day per week
had not worked remotely prior to COVID-19
of workers prefer a hybrid work environment
lower absenteeism
fewer quality defect
higher profitability
lower absenteeism
fewer quality defect
higher profitability
Technical Requirements
Secure Infrastructures
Flexible work environments require access to on-premises systems and data, and therefore most enterprises rely on employees using a VPN. However, organizations can’t trust that workers will always use these secure channels. If an employee is using a mobile phone, he or she might forget to use the VPN and employ an unsecured wireless network instead, exposing corporate systems and data to risk.
During the pandemic, threat actors realized that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates cyber attacks jumped 238% globally between February and April 2020.
Technical Requirements
Secure Infrastructures
Flexible work environments require access to on-premises systems and data, and therefore most enterprises rely on employees using a VPN. However, organizations can’t trust that workers will always use these secure channels. If an employee is using a mobile phone, he or she might forget to use the VPN and employ an unsecured wireless network instead, exposing corporate systems and data to risk.
During the pandemic, threat actors realized that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates cyber attacks jumped 238% globally between February and April 2020.
NEW ROLE OF THE CISO
Over 80% of security professionals believe social media, mobile messaging, or collaboration apps present medium to high risks to their organization.
SafeGuardCyber Survey April, 2019
Secure Infrastructures
Flexible work environments require access to on-premises systems and data, and therefore most enterprises rely on employees using a VPN. However, organizations can’t trust that workers will always use these secure channels. If an employee is using a mobile phone, he or she might forget to use the VPN and employ an unsecured wireless network instead, exposing corporate systems and data to risk.
During the pandemic, threat actors realized that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates cyber attacks jumped 238% globally between February and April 2020.
Text
Secure InfrastructuresFlexible work environments require access to on-premises systems and data, and therefore most enterprises rely on employees using a VPN. However, organizations can’t trust that workers will always use these secure channels. If an employee is using a mobile phone, he or she might forget to use the VPN and employ an unsecured wireless network instead, exposing corporate systems and data to risk.
During the pandemic, threat actors realized that insecure home networks and a lack of security controls typically found on corporate networks could work to their benefit. The World Economic Forum estimates cyber attacks jumped 238% globally between February and April 2020.
Collaboration and Communications ApplicationsOrganizations also increasingly rely on cloud-based collaboration platforms and personal communications technologies to connect teams across regions and time zones.
With the sudden onset of the pandemic, many organizations abruptly switched to remote work and found themselves having to allow technologies like MS Teams, Slack, Zoom and Webex on a scale they were uncomfortable permitting earlier. At the time, many IT leaders believed these solutions would be temporary and they’d quickly go back to "normal."
Now, more than a year later, not only are organizations continuing to use these technologies, but they’re doubling down. Yet, they still have no way to keep these systems secure from third-party risks. For example, a recent attack against EA Games involved infiltrating the company’s Slack instance and launching a fileless social engineering scheme to gain access to the network, resulting in the theft and exfiltration of highly-valuable intellectual property.
Communications SolutionsSimilarly, IT once viewed communications solutions like WhatsApp and WeChat as personal apps. Because corporate teams had zero visibility into them, they would not allow employees to do business on them. But in some critical emerging markets, only a small percentage of people use email. Most use mobile chat applications like WhatsApp. It has become a business imperative to use the local technology.
New Security Challenges
These collaboration and communications tools present significant data governance and security challenges for large organizations. In a survey by SafeGuard Cyber:
- 78% of cybersecurity leaders express an inability to protect all communication channels and digital assets6
- 46% say collaboration tools represent the biggest security challenge
- 1 in 3 say their biggest challenge is mobile chat apps, WhatsApp, WeChat, Telegram
- 1 in 5 say their biggest challenge is Video meetings (Zoom, Webex, etc. )
Hybrid work environments will only increase the challenges. As employee devices and laptops move onto the corporate network and then back home where they can be exposed to hackers and more easily infected with malware and ransomware, it will be difficult for security teams to protect employees from threats, detect and respond to insider threats, or stop malware and ransomware.
Joseph Blankenship
VP, Research Director
SGC Q: Work from anywhere is here to stay. How enterprise employees communicate has evolved to using a variety of cloud communication channels to get the job done. How do cloud collaboration, social media, and mobile messaging applications impact the way security teams protect enterprise data and people?
JB A: Users are bombarded with messages and requests daily, and it’s easy for them to become distracted or make the wrong decision in the moment. It’s not sufficient to leave data security to users. They need security controls that protect them from accidentally sharing data outside of policy or responding to social engineering techniques. Security teams have not widely deployed controls for collaboration, messaging, and social media like they have for enterprise applications like email. Protection has to evolve to include other means of communication and data sharing to reduce risk.
SGC Q: Attacker techniques and tactics are becoming more sophisticated even as workforce employees share more personal and enterprise information on channels like LinkedIn and WhatsApp. What’s the risk versus reward of the security team enabling more modern business communication channels?
JB A: Work From Anywhere increased dependence on messaging and collaboration tools – with internal and external users. While this does empower our ability to communicate more effectively in real time (since we can’t pop over to someone’s desk anymore), it did introduce risk. Users share all kind of sensitive data in these tools – intellectual property, PII, PHI, and sensitive internal correspondence. Opening collaboration tools up externally introduces all the risks we already experience with email – phishing, accidental data loss, and account compromise. This means we have to balance the benefit of real-time communication with contractors, vendors, and partners who may be external to the organization with the risk that the collaboration and communication tools may be misused. If users inherently trust the tool, they become more susceptible to attacks like social engineering since they aren’t necessarily looking out for attackers or malicious behavior in those channels.
SGC Q: Lapsus$ stealing source code, Twilio compromised, Axie Infinity robbed of half a billion dollars. It wasn’t zero days or custom exploits. So many headline-making breaches in 2022 came down to social engineering employees. Can you comment on this trend and provide insight into how security teams can and should calibrate their strategies to mitigate these risks?
JB A: Social engineering is arguably the oldest hacking technique. It predates the internet and even computers. What’s changed is that the connectivity made it easier for attackers to reach a wider number of victims, and the victims rarely ever meet the attackers in the real world. Social engineering works because it preys on users’ emotions and desire to be helpful. Attackers, just like old-school conmen, gain their victims’ trust or bully them into taking an action without carefully considering it. Security strategies have to evolve so that they don’t rely only on the user making the right decision in the moment. They need to include real-time education and the ability to stop users from taking risky actions.
SGC Q: Is security training enough to combat social engineering? If not, how does it need to evolve, and what is the correct balance between controls and security awareness training to defend against social engineering?
JB A: Awareness of social engineering and social engineering techniques alone has not proven effective. Users may forget what they’ve learned or think that the person targeting them is trustworthy. That means security teams have to design interventions that keep users from giving up sensitive information (especially account credentials), clicking on links, or downloading files. Those controls have to work in the moment to stop users from falling victim to attacks. At the same time, the controls can’t introduce so much friction as to constantly interrupt work or encourage users to circumvent the controls. Controls should be risk-based, so they are only disrupting users that exhibit risky behaviors and are taking risky actions.
SafeGuardCyber Survey April, 2019
SafeGuardCyber Survey April, 2019
SafeGuardCyber Survey April, 2019
Benefits
With SafeGuard Cyber’s agentless architecture, organizations benefit from:
Faster MTTD/RGain unprecedented visibility to respond to internal and external threats in hard-to-see places like direct messages and group channels. Reduce detection and response times in the cloud infrastructure where work gets done.
Rapid Time to ValueBe up and running in hours not days. Organizations no longer have to configure agents.
Integrated DefenseConnect our agentless security platform into your existing cyber defense systems, feeding event data and telemetry into your EDR and SIEM solutions.
SafeGuard Cyber is the most comprehensive integrated cloud communications security platform to address cybersecurity threats and compliance risks across today’s modern cloud workplace. Through a combination of unified visibility, contextual analysis, and multi-channel investigations and detections, SafeGuard Cyber mitigates risks in email, mobile and web messaging apps, collaboration apps, and social media.
Powered by Natural Language Understanding (NLU) and patented Social Engineering Detection technologies, the SafeGuard Cyber platform reduces investigation and detection hours to minutes while providing resolution of social engineering and language-based attacks in over 50 languages.
