Spurred by digital transformations and the pandemic, businesses have moved a lot of meetings and communications—internally, externally and with customers—to workplace collaboration tools and cloud messaging apps such as Slack, Teams, WhatsApp and Zoom.
Companies today frequently discuss very sensitive topics over these apps with employees and customers. While communicating via these channels helps companies operate more efficiently, it naturally poses cybersecurity risks.
The increase in remote work has also compounded the security problem since home offices introduce the risk of cybersecurity issues that occur outside of a protected corporate network. . Since the beginning of the pandemic, cyberattacks involving remote workers have increased by 238%.
Business collaboration apps can be exploited in a number of ways. Slack, for example, makes use of encryption but doesn’t feature end-to-end encryption often because executives want to maintain visibility into communications among teams and channels. WhatsApp has also been exploited in a variety of social engineering attacks, and Telegram, which is particularly popular with financial services firms, has become a frequent target.
The vulnerabilities introduced by the use of these tools in the enterprise setting have created a new attack category—Business Communication Compromise, or BCC. BCC is an evolution of the more familiar category Business Email Compromise (BEC).
However, companies should not avoid using these new digital communication tools that improve their business; they can continue to use them while still protecting their brand equity and ensuring that company and customer data is safe. But they need to address the vulnerabilities first.
Attackers Exploit the Human Element
Employees, whether intentionally or accidentally, share sensitive information like login credentials, financial reports and even proprietary information when communicating in workplace collaboration tools. In BCC, cybercriminals target the full range of these tools to exploit that sensitive data.
According to Verizon’s 2022 Data Breach Investigation Report, 82% of data breaches involved the human element. An attack can start with a phishing email and then, if successful, move across other communication platforms like Slack or Teams. From there, an attacker could use a social engineering tactic like impersonation to get into the network and steal sensitive information.
To protect businesses, employees and customers in this new attack surface, organizations and their SOC teams need to gain greater visibility over business communication channels to identify and discover sophisticated social engineering attacks in all cloud channels.
Defeating Social Engineering Attacks with ML and AI
Unified visibility is essential to securing enterprise cloud-based environments, but when defending against social engineering attacks that are becoming more sophisticated, context is also critical. Because so many attacks employ language-based techniques, SOC teams need help from machine learning (ML) and artificial intelligence (AI) tools to understand the full breadth of business communications.
Recent advancement in ML and AI can help disrupt social engineering and phishing attacks in the initial compromise phase. These tools useAI and machine-reading comprehension to understand sentences in text or speech of messages without resorting to computer languages.
These tools can also analyze the intent and context of conversations occurring across multiple communication channels. Traditional cybersecurity tools rely on metadata-based activities to detect anomalies, but ML and AI based tools can analyze the language elements in conversations—such as context, topical elements and lexical features—to detect social engineering and language-based attacks.
An organization that maintains visibility across the array of its cloud-based collaboration tools and employs Natural Language Understanding (NLU) analysis is better able to detect attacks in their early stages.
Ensuring Secure Business Communication
Collaboration tools like messaging apps are vital to a company’s success, especially if it operates remotely and with employees spread across different regions. Business communication tools are indispensable in today’s distributed working environments, both for internal communication between team members and for external communication with customers. But their use has attracted the attention of attackers who successfully exploit their security weaknesses and tailor their attacks to specific communication platforms.
Protecting the brand equity of the company is of utmost importance when using collaboration tools. Customer data is sensitive, and one data breach can destroy a company’s reputation. As collaboration channels continue to play an essential role in business communication and operations, companies must prioritize securing these channels against threats.
Organizations can mitigate the risk by enforcing strict access controls that provide visibility into the business communication environment, implementing data loss prevention measures and training employees on how to handle sensitive information. But perhaps most importantly, ML and AI based tools can reveal the context and intent of language-based attacks across collaboration channels. If companies can identify suspicious behavior before it leads to a data breach, they can disrupt social engineering and phishing attacks earlier on in the kill chain, before it’s too late.
About the Author
Chris Lehman is CEO at SafeGuard Cyber. SafeGuard Cyber provides security and compliance for email and multi-channel communications. Stop social engineering attacks, insider threats, ransomware, and policy violations across email and workplace channels like M365, Slack, Salesforce, LinkedIn, Zoom, WhatsApp, Telegram, and more. For more information, please visit www.safeguardcyber.com
Featured image: ©Mila Supinskaya
