Insider Dangers Are Hiding in Collaboration Tools

  /     /     /  
Publicated : 22/11/2024   Category : security


Insider Dangers Are Hiding in Collaboration Tools


The casual sharing of sensitive data, such as passwords, is opening the door to malicious insiders.



Digital collaboration technologies are accelerating productivity in the post-phone-call workplace, but tools like Yammer, Workplace by Facebook, and Slack have their dark side. While these channels can help speed group decision-making, they also serve as an enterprise blind spot for insider threats to do their worst – not to mention being open conduits for spreading negativity and toxic behaviors among the ranks. 
A new report out today from Wiretap measured the prevalence of insider risks from collaborative communication tools, both in public and private conversations. It found the platforms are rife with uncontrolled sharing of sensitive information and password sharing.  
In a study of over 1 million employee messages, the 
Human Behavior Risk Analysis
 report found that confidential information is shared in one out of every 118 public communications. Meantime, passwords are shared in one out of every 262 communications. Private communication channels are worse. Private conversation messages are 165% more likely to contain identification numbers and 76% more likely to contain passwords. 
Additionally, though they are relatively rare, negative and toxic communication between employees on these platforms also open up organizations to a number of risks. The study shows that one out of every 380 public messages receives a negative sentiment score, and private groups and one-on-one conversations were 1.5 times more likely to contain negative messages. Meantime, toxic communications containing sexual language, bullying, racial slurs, and other potential harassing modes of communication account for one out of every 170 messages. This not only opens up the organization to legal risks and drains on team morale, but also could be red flags for future malicious actors. 
Sentiment and toxic behavior are closely associated with insider threats, explains Jason Morgan, who led the research on the report and is vice president of behavioral intelligence for Wiretap. Dissatisfied or disgruntled employees are much more likely to act in ways contrary to an organizations interests. As a gauge of individual, group, or company mood, low sentiment scores can act as a leading indicator of possible future insider malfeasance. Happy people are more likely to act in the interests of the organization; unhappy people are more likely to cause problems.
Inappropriate communication and unauthorized sharing of sensitive data is hardly new, but the fact that these insider risks are transitioning to collaboration tools should raise the eyebrows of enterprises that have worked hard to mitigate insider risks in recent years. At this point, 
78% of organizations
 report some sort of active monitoring of phone, email, or Internet use. However, collaboration tools can often be a blind spot in the enterprise monitoring technology stack.  
The casual nature of communication on these channels promotes a greater level of sloppiness from a cybersecurity perspective, too.  
This creates a scenario where inadvertent actors may accidentally and negligently share sensitive data because they put something in writing they wouldnt ordinarily email to a colleague, the Wiretap report explains. Unfortunately, this also creates more space for malicious insiders to pray on those inadvertent actors.
These concerns will only grow in the coming years as collaboration tools continue to gain traction in the enterprise. According to 
a recent report
, 57% of organizations plan on increasing their spending on collaborative tools in 2018.
Related Content:
Privilege Abuse Attacks: 4 Common Scenarios
10 Social Engineering Attacks Your End Users Need to Know About
NSA Employee Pleads Guilty to Illegally Retaining National Defense Secrets
Rise in Insider Threats Drives Shift to Training, Data-Level Security
Why Cybercriminals Attack: A DARK READING VIRTUAL EVENT Wednesday, June 27. Industry experts will offer a range of information and insight on who the bad guys are – and why they might be targeting your enterprise. Go
here
for more information on this free event.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
Insider Dangers Are Hiding in Collaboration Tools