A survey has found that cyber decision makers are overconfident in the readiness of their organisations to combat cyberattacks via collaboration tools.
Collaboration Security: Risks and Realities of the Modern Work Surface, conducted by Mimecast, reveals that businesses are failing to provide dedicated training on collaboration tools, even though almost all (93%) have experienced a threat via them.
The UK research is based on responses from 500 employees and 100 cybersecurity decision makers across a range of sectors, and gauges their understanding and conduct related to collaboration tool security within their organisations.
Eighty two percent of those surveyed felt their organisation had effectively communicated the security vulnerabilities of collaboration tools to their employees. This directly contradicts the fact that 35% claim they have not received any collaboration tools security training, and only 10% say they have received dedicated training separate from the wider cybersecurity training offered by their organisation.
Furthermore, decision makers are not monitoring how employees utilise collaboration tools, in order to protect against threats. Less than a third (31%) monitor employee use of collaboration tools at least once a month.
Since they are not specifically trained or monitored, almost a third (32%) of employees do not see cybersecurity breaches via collaboration tools on their devices, as something for which they are directly responsible.
This means employees are more likely to let their guard down when using business collaboration tools. According to the Mimecast research, employees are 25% less likely to check the legitimacy of attachment file names or URL links in private messages on collaboration tools than those on email. Employees are at their most vulnerable when receiving a message from their line manager, with nearly two thirds (63%) likely to click on a link to an unfamiliar website or source if it’s from someone they report in to.
Even though cyber decision makers believe their organisations are well-equipped to combat collaboration tool-related cyberattacks, almost all (94%) of organisations surveyed have experienced a threat via them. The most prevalent attacks are malware (53%), phishing (38%) and credential harvesting (37%).
The largest impacts of these cyberattacks on the business, include loss of company data (59%), loss of potential customers (35%), loss of current customers (31%) and C-suite changes (20%).
In addition, the financial cost of these attacks on organisations is significant with the average total being over half a million dollars ($537,088). Eighteen per cent of those surveyed estimate the total cost of collaboration tools-related attacks in the past year was over $1 million.
“The modern workplace has experienced explosive change in a short period of time. Adoption of Microsoft Teams has never been higher due to hybrid work, making collaboration tools essential to productivity. But cybercriminals know this and are increasingly seeking to exploit this tool,” said Duane Nichol, Senior Product Manager for Awareness Training. “As collaboration tools become an increasingly complex and growing threat vector, employee and decision maker overconfidence will place organisations at even greater risk. Without dedicated training or monitoring, risky behaviour on these tools is less likely to be picked up.
“This is where IT decision makers have a vital role to play in securing these platforms and providing their employees with specific collaboration security training to protect their data. Protection for Microsoft Teams is designed to ensure that Microsoft 365 remains a productivity tool rather than a security risk, and educating employees about the security implications will ensure they are careful about what they click on or share via these tools. This will help organisations to reduce cyber risk and cost, all while training employees to truly be part of their collaboration security fabric.”