Are Apps Like Slack And Dropbox Actually Vulnerable To Attack?
According to a recent survey report, many IT decision-makers see Enterprise Communication and Collaboration (EC&C) apps such as Slack and Dropbox as vulnerable to cyberattack. The survey was conducted by Israeli cybersecurity firm Perception Point and comprised five hundred respondents representing different industries. The respondents were from medium and large enterprises that had 1000-plus employees. The survey covered “at work” EC&C apps (Slack, Microsoft Teams, etc.), enterprise social networks (Yammer, Jive, etc.), shared virtual workspaces (IntraLinks, SharePoint, etc.) and file sharing and syncing apps (Dropbox, OneDrive, etc.).
A Channel Partners report, which discusses the Perception Point survey report in detail, says, “Yoram Salinger, Perception Point’s CEO, tells Channel Partners that unlike email, EC&C apps like shared drives and messaging aren’t typically fortified with advanced security measures. ‘This means that files and URLs shared in these channels aren’t being deeply scanned for malicious content,’ he said. ‘Intrusions can occur when users interact with third parties on unmanaged endpoints, by hackers using impersonation techniques, and even by insider threats who have easy access. IT teams need to be aware that their attack surface is increasing as the adoption of these apps grows. While they remain very important business productivity tools, shared drives, messaging, and anywhere files or URLs that are exchanged need to be just as secure as email is.’”
It’s also reported that almost 80% of organizations have between 2 and 10 of these apps, and 90% of all respondents surveyed stated that their use of EC&C apps has increased in the past year. More interestingly, 75% of the respondents have decided to invest in more of these apps in the near future. This is a cause for some concern because most of these apps, as Yoram Salinger points out, don’t have advanced security. Note also that almost 80 percent of all respondents confirmed that employees in their organizations use shared drives and messaging platforms to share files, URLs, etc. That matters because content sent through these shared drives and messaging platforms is mostly left unscanned by existing security tools.
The Perception Point survey report also says that two-thirds of the companies covered in the survey have faced a cyberattack at least once in the past year. 78 percent of companies felt that the attacks are becoming increasingly sophisticated and that the hackers are now employing advanced hacking techniques to exploit vulnerabilities. They also manage to bypass the more fortified access points (like email) very often. This seems to indicate that cybercriminals are now targeting such unprotected channels (the EC&C apps) in addition to email. Organizations will therefore have to think of ways to protect these platforms as well.
The survey report also points out something very notable. Of all the companies covered in the survey, only 5% have used outside security vendors to extend their built-in protection. Even though attackers are targeting these apps, companies and cybersecurity teams seem somewhat indifferent to securing them. More discussion of these channels is needed, and perhaps only such discussion will push companies to fortify their defenses around them.
The Channel Partners report once again quotes Perception Point CEO Yoram Salinger, who says, “There is now a big opportunity for IT to leverage the move to the cloud to streamline security portfolios with more holistic, agile solutions that are able to keep pace with the innovations of hackers and protect multiple channels without increasing costs, complexity or causing delays. IT needs to start adopting solutions that are built for the cloud enterprise, while also staying relevant within the threat landscape today and tomorrow.”
Julia Sowells
Julia Sowells has been a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she runs her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.