Survey: Slack, Dropbox, Others Seen as Vulnerable to Cyberattacks


Most enterprise IT decision-makers believe enterprise communication and collaboration (EC&C) apps are vulnerable to cyberattacks despite increased use and investment.

That’s according to a survey conducted by Israeli cybersecurity firm Perception Point. Five-hundred respondents from medium and large enterprises with 1,000-plus employees across several industries took part.

“At work” EC&C apps include messaging and team collaboration platforms like Slack and Microsoft Teams, enterprise social networks like Yammer and Jive, shared virtual work spaces such as IntraLinks and SharePoint, and file sharing and syncing apps like Box, Dropbox and OneDrive. Dropbox declined comment when asked if it has incorporated cybersecurity.

Perception Point's Yoram Salinger

Perception Point’s Yoram Salinger

Yoram Salinger, Pereception Point’s CEO, tells Channel Partners that unlike email, EC&C apps like shared drives and messaging aren’t typically fortified with advanced security measures.

“This means that files and URLs shared in these channels aren’t being deeply scanned for malicious content,” he said. “Intrusions can occur when users interact with third parties on unmanaged endpoints, by hackers using impersonation techniques, and even by insider threats who have easy access. IT teams need to be aware that their attack surface is increasing as the adoption of these apps grows. While they remain very important business productivity tools, shared drives, messaging, and anywhere files or URLs that are exchanged need to be just as secured as email is.”

Nearly 80 percent of organizations having between two and 10 applications. Also, nine in 10 (90 percent) of respondents said use of these apps has increased in the last 12 months, while three in four (75 percent) said they are investing in more of these apps in the near future.

More than four in five (80 percent) respondents said that employees in their organizations share files and URLs via shared drives and messaging platforms; however, unlike the email, the majority of this content isn’t being scanned by existing security tools.

The survey found that two-thirds of all companies already have been attacked at least once in the past year, and 78 percent said the level of sophistication of these attacks is increasing. Attackers are using advanced hacking techniques to exploit security gaps and are often bypassing the more fortified access points, such as email.

“This clearly indicates that while email is still a highly favored vector, hackers are starting to spread their wings to take advantage of these unprotected channels,” Salinger said. “In the next few years, IT will need to start investing in third-party protection for these platforms.”

The survey also underscores the limited adoption of third-party security enhancements. Only 5 percent of companies have extended their built-in protection by using outside security vendors. Despite being the target of attacks via these channels, cybersecurity teams remain somewhat behind in fortifying their defenses, in large part due to limited discussion of the issue.

“There is now a big opportunity for IT to leverage the move to the cloud to streamline security portfolios with more holistic, agile solutions that are able to keep pace with the innovations of hackers and protect multiple channels without increasing costs, complexity or causing delays,” Salinger said. “IT needs to start adopting solutions that are built for the cloud enterprise, while also staying relevant within the threat landscape today and tomorrow.”

One comment

  1. Avatar Matthew July 27, 2018 @ 6:35 am

    This is why file sharing tools like ShareFile are so important. They focus on security as a core aspect of their functionality.

Leave a comment

Your email address will not be published. Required fields are marked *

The ID is: 105331