Growing Concerns in Cybersecurity: Evolving Threats Beyond Email
In an evolving landscape of cybersecurity, industry leaders are increasingly alarmed about their organizations’ capabilities to detect and respond to threats, particularly as cyber-attackers pivot away from traditional email channels towards collaboration platforms like Slack and Microsoft Teams. Recent research conducted by KnowBe4 underscores a significant gap in confidence among organizations regarding their visibility across these non-email communication channels.
An in-person survey involving 169 cybersecurity professionals at Infosecurity Europe 2026 highlighted that a staggering 50% of respondents expressed a lack of confidence in their ability to detect threats across messaging and social platforms. Despite the alarming realization that 60% believe cyber-attacks are already migrating away from email, many organizations still appear ill-prepared to safeguard their digital environments.
The findings from the Infosecurity Europe survey further revealed that over half of the cybersecurity professionals identified non-email channels—such as Slack, Microsoft Teams, social media, and WhatsApp—as being the "most vulnerable" to cyber threats. This acknowledgment indicates a growing awareness among organizations that cyber threats are proliferating across a diverse array of communication platforms, making it imperative for them to adapt their security strategies.
Phishing emails continue to secure their position as the predominant threat faced by organizations, with 61% of respondents agreeing that such attacks pose the highest risk, even when juxtaposed against emerging threats like AI-generated attacks, insider threats, and various forms of malware. According to the study, while multi-channel attack strategies are on the rise, email remains labeled as the most ‘risky’ work-based communication channel.
Nevertheless, the survey results revealed an interesting dichotomy. Although respondents ranked email as the riskiest, they expressed the highest confidence in their organizations’ capacity to thwart attacks originating from this channel—83% indicated they felt secure in their defenses against email threats. In stark contrast, the confidence levels significantly dropped for non-email platforms: only 61% felt secure against attacks on Microsoft Teams, and even lower percentages for social media (51%), SMS/WhatsApp (50%), and Slack (40%).
Javvad Malik, lead CISO advisor at KnowBe4, provided critical insight into the shifting dynamics of cyber threats. He noted, “As email security awareness has improved, cybercriminals have had to shift their tactics to other trusted communication channels.” This highlights a crucial need for organizations to recognize that their defenses must also encompass collaborative tools, which present new opportunities for attackers to exploit the inherent trust in workplace interactions.
Malik added that the rise of artificial intelligence is exacerbating the challenge, as cybercriminals employ AI to craft more convincing phishing attempts, impersonation schemes, and social engineering tactics that are becoming increasingly difficult to detect. To counter this evolving threat landscape, he emphasizes that organizations must equip their employees with the necessary skills to recognize threats, regardless of where they manifest. Investing in robust monitoring tools capable of detecting and responding to potential threats across collaboration platforms is also critical, rather than solely relying on traditional email security measures.
Despite the pressing need for such adaptations, the research indicated a troubling trend in organizational training practices. While most organizations do provide some form of cybersecurity training beyond email, only 41% conduct such training regularly. Alarmingly, 13% admitted they never train users on recognizing threats specific to platforms like Teams, Slack, or SMS technologies. This illustrates a sizeable gap in preventative measures, potentially exposing organizations to higher risks.
In summary, as cyber threats continue to diversify and become more sophisticated, organizations must acknowledge the gravity of the situation and embrace a more comprehensive approach to cybersecurity. This includes enhancing their surveillance of non-email communication channels and providing regular training for employees to ensure they remain vigilant against evolving threats. By taking proactive measures, organizations can safeguard their digital assets and mitigate the risks posed by increasingly elusive cyber adversaries.