In a recent survey conducted by TechTarget’s Enterprise Strategy Group (ESG), it was found that the majority of organizations support the use of various communication and collaboration tools. A combined total of 82% of respondents stated that their organization has formally sanctioned six or more tools for use by employees. This indicates that organizations are increasingly relying on multiple channels for communication and collaboration.
However, the use of multiple tools also increases the risk of cybersecurity attacks. According to the survey, 16% of respondents estimated that their organization faces attacks targeting multiple channels on a daily basis, while 36% said such attacks occur weekly. Only 7% of respondents claimed that their organization has not been hit by any attacks of that sort. This highlights the importance of prioritizing enterprise communication security.
Dave Gruber, an analyst at ESG, emphasized the need for organizations to take communication security seriously. In a report published by ESG titled “Challenges in Securing an Overabundance of Communication and Collaboration Tools,” Gruber discussed some of the key survey findings and what they mean for IT and security teams. He noted that the use of multiple channels allows adversaries to trick end users into sharing sensitive information or clicking on phishing links, while evading IT and security teams who lack visibility and control over these additional channels.
Gruber also highlighted the importance of extending security controls beyond email to cover other communication and collaboration mechanisms. While email remains the foundation for business communication and collaboration, the hybrid work environment has led to the use of different devices and non-sanctioned tools. As a result, organizations need to ensure that their security controls can encompass these diverse channels.
The survey data revealed that organizations are recognizing the importance of securing communication and collaboration channels. 83% of respondents stated that better securing these channels is either a top or high priority for their organization. However, Gruber noted that while roughly 25% of organizations have taken steps to gain control over this threat vector, another 50% are still considering how to address it.
Interestingly, the survey showed that IT teams have more responsibility for enterprise communication security than security teams. Gruber explained that IT teams ultimately own the core IT infrastructure mechanisms, while security teams play an advisory role. However, as the threat landscape evolves and attacks become more sophisticated, security teams are paying more attention to communication and collaboration channels.
The survey also examined the approval ratings of native security controls in email applications. While these controls were generally well-received, Gruber emphasized the need for layered security and the use of third-party controls. He noted that while native controls continue to improve, they may not provide a 100% solution and there will always be a need for additional controls to keep up with evolving threats.
In conclusion, the survey highlights the importance of prioritizing enterprise communication security. Organizations need to recognize the risks associated with the use of multiple communication and collaboration tools and take steps to secure these channels. This may involve extending security controls beyond email, considering third-party controls, and implementing layered security measures. By doing so, organizations can better protect themselves against cybersecurity attacks and ensure the confidentiality and integrity of their communications.