Cybersecurity professionals are all too aware that email remains the primary vector through which malware gets delivered inside their organization. But there’s a growing communications trend that is seeing end users increasingly move away from email in favor of collaboration platforms such as Slack or services such as Google Drive that allow them to share files that previously would have been attached to an email.
In theory, at least, cybersecurity professionals should be inclined to encourage that shift. But a new survey of 500 IT decision makers conducted by Perception Point, a provider of tools for preventing attacks being launched by files or URLs, finds 80 percent of the IT decision makers surveyed believe alternative collaboration services are also vulnerable to cyberattacks.
Usage of these services is exploding across the enterprise. Almost 80 recent of survey respondents say their organization is making use of between two to ten of these services. The survey also finds 90 percent of respondents report usage of these services has increased in the last 12 months, while 75 percent plan to investing more in them in the short term.
While email is still the most widely employed method for launching a cybersecurity attack it’s only a matter of time before cybercriminals look to exploit alternative communication channels. Organizations are getting better at securing email. As email becomes a less effective method for launching cyberattacks, cybercriminals will look to exploit what from their perspective appear to be new malware distribution channels. Cybersecurity professionals are naturally concerned because compared to email they have little to no visibility into how the services are being employed by end users. It doesn’t take much to infest malware in a Microsoft Word document that potentially winds up being shared by hundreds of end users.
Cybersecurity professionals are not, of course, going to be able to chase end users back to email. End users are voting with their feet to rely on alternative services because they make them more productive. What they can do is make sure that end users need to be conscious of the need to scan documents for malware before they share them on a communications channel, especially if that channel is a consumer-grade service that only commits to making a best effort when it comes to cybersecurity.'When it comes to cybersecurity, end users are always going to be their own worst enemies.' ~@mvizard Click To Tweet
Tension between end users trying to be as productive and cybersecurity professionals tasked with protecting the organization are nothing new. But as the number of communications channels available to end users proliferates, it’s clear cybersecurity professionals are again finding themselves in an untenable position. They can advise end users not to employ specific services, but very few cybersecurity professionals have a strong enough mandate inside their organizations to enforce a rule that would prevent end users from accessing Slack on a corporate network. Even when they do have power to enforce such a rule, end users will simply access those services outside the office regardless of any rule. They intuitively know the organization can’t fire them all for breaking the same rule.
Cybersecurity professionals may not always appreciate that reality. But every one of them also knows in their hearts that when it comes to cybersecurity end users are always going to be their own worst enemies.
Mike Vizard has covered IT for more than 25 years, and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.