Risk awareness: How risk assessment is too often lacking as part of organisational cybersecurity measures

0


A business centre in the heart of London. Image. — © Tim Sandle.

As we begin to enter into the Christmas season and the New Year, it remains important to recognise that the greatest cybersecurity threats often emerge from within, particularly in our increasingly digitised work environments.

The 2023 Risk Assessment Report from Aware reveals illuminating insights about the vulnerabilities present in commonly used collaboration platforms like Slack, Zoom, and Teams. The analysis of 6.6 billion messages shows a worrying trend in terms of images and screenshots being statistically more likely to include sensitive data (as an example passwords, appeared in around one in one thousand images).  

It also stands that 37 percent of all messages include at least one piece of personal identifiable information (PII) like Bank Numbers, Driver’s Licences, and Social Security Numbers. While many organizations have robust security measures for email and the Internet, collaboration tools remain a blind spot.

Looking at these and other findings from the survey is Aware’s Chief Technology Evangelist, Chris Plescia.

Plescia explains how his team of data and behavioural scientists has reviewed, normalised, enriched, and analysed over 6.6 billion real collaboration messages to benchmark the risk in today’s collaboration data.

One pattern that emerged is with how organizations are moving beyond just chatting in collaboration tools. These toolsets are now at the centre of a new enterprise workflow, with 15.4 percent of messages originating from integrated third-party applications. As collaboration tools are increasingly adopted across the enterprise, employees are beginning to self-police.

For example, in 2018, 1 in 262 messages included passwords. Today, that’s down to 1 in 5000. However, screenshot sharing has increased significantly since 2018, and are statistically more likely to include sensitive information than traditional images.

In addition to the risk profile, insider threat exposure is on the rise. Collaboration tools are filled with blind spots where even administrators struggle to gain visibility. Over 90 percent of all messages sent in collaboration platforms occur in private or restricted channels. The research found that 1 in 17 messages contain 3+ pieces of sensitive data, including intellectual property, code, credentials and more, and in those channels these messages can be stored indefinitely.

To create a more secure workplace, Plescia recommends:

Streamline Information Governance

Satisfy stakeholders across the enterprise and remain audit-ready by unifying management of collaboration data across your ecosystem into one immutable archive.

Ensure External and Regulatory Compliance

Maintain and preserve your data, avoid financial penalties, and comply with record-keeping provisions.

Enforce Acceptable Use Requirements

Stay ahead of reputational threats and minimize litigation risks by identifying unauthorized information sharing, toxicity and more.


Risk awareness: How risk assessment is too often lacking as part of organisational cybersecurity measures
#Risk #awareness #risk #assessment #lacking #part #organisational #cybersecurity #measures

Leave a Reply

Your email address will not be published. Required fields are marked *