Are collaboration tools a security risk?

A lack of security training on collaboration tools may be putting organisational security at risk, according to a new report from Mimecast.

Despite 96% of research respondents experiencing a threat via collaboration tools, most are failing to provide dedicated training on those very tools. The research is based on responses from over 500 employees and 100 Australian cybersecurity decision-makers across a range of sectors.

Overconfidence is dangerous

The Collaboration Security: Risks and Realities of the Modern Work Surface report found that cyber decision-makers are overconfident in the readiness of their organisations to combat cyber attacks via collaboration tools.

Eighty eight per cent of those surveyed felt their organisation had effectively communicated the security vulnerabilities of collaboration tools to their employees. This directly contradicts the fact that 38% claim they have not received any collaboration tools security training, and only 9% say they have received dedicated training separate from the wider cybersecurity training offered by their organisation.

Furthermore, decision-makers are not monitoring how employees utilise collaboration tools, in order to protect against threats. Only 30% monitor employee use of collaboration tools at least once a month — against a global average of 46%.

Since they are not specifically trained or monitored, almost a third (31%) of employees do not see themselves directly responsible for cybersecurity breaches via collaboration tools on their devices.

This means employees are more likely to let their guard down when using business collaboration tools. According to the research, employees are 13% less likely to check the legitimacy of attachment file names or URL links in private messages on collaboration tools than those on email.

Employees are at their most vulnerable when receiving a message from their line manager, with nearly two-thirds (62%) likely to click on a link to an unfamiliar website or source if it’s from someone they report in to.

The disconnect between confidence and reality is causing substantial impact

Even though cyber decision-makers believe their organisations are well equipped to combat collaboration tool-related cyber attacks, almost all (96%) of Australian organisations surveyed have experienced a threat via them. The most prevalent attacks are malware (67%), phishing (53%) and credential harvesting (37%).

The largest impacts of these cyber attacks on the business include loss of company data (53%), loss of potential customers (44%), damaged company reputation (42%) and disruption to regular operations (42%).

In addition, the financial cost of these attacks on organisations is significant with the average total being over half a million dollars (AU$901,088). Nine per cent of those surveyed estimate the total cost of collaboration tools-related attacks in the past year was over $1 million.

“As collaboration tools become an increasingly complex and growing threat vector, employee and decision-maker overconfidence will place Australian organisations at even greater risk,” said Garrett O’Hara, Director of Engineering at Mimecast.

“Without dedicated training or monitoring, risky behaviour on these tools is less likely to be picked up.

“This is where IT decision-makers have a vital role to play in securing these platforms and providing their employees with specific collaboration security training to protect their data. Educating employees about the security implications will ensure they are careful about what they click on or share via these tools. This will help organisations to reduce cyber risk and cost, all while training employees to truly be part of their collaboration security fabric and ensuring they’re able to work protected.”

Image credit: iStock.com/Aleksei Naumov