Cyber Investing Outlook 2023: Betting Big to Secure the Future of Work

By Dave DeWalt, Founder and CEO, NightDragon

The last few years have been rough, and many businesses have had to navigate one crisis after another, each more monumental than the last. From a global pandemic that kept most of the world’s population locked in their homes, to an economic crisis that many predict could debilitate global markets, the start of our current decade hasn’t been easy.

Enterprises too have felt the impact of these crises and had to adapt to the new realities of remote work. In many cases, this included the adoption or increased use of collaboration tools that support productivity and connectivity, such as Zoom, Microsoft Teams, Slack and more. These tools have become the go-to resources for our new digital workforce.

However, with the new opportunities created by remote work comes new security risks. Industry experts are discovering increasing concerns related to how security gaps in collaboration tools have created significant risk and privacy-related concerns for users. For example, a flaw in Teams opened a security loophole for hackers to easily exploit credentials and gain access to a user’s account. While these new tools support our working environment, enterprises must proceed with caution and stay focused on all forms of business communication - this includes the likes of Zoom, Teams, Slack, WhatsApp and even social media.

As remote work proves likely to stick around, with organizations planning for their remote-capable workforce to include 55% hybrid workers, 22% fully remote workers, and 23% fully on-site workers, there is an immediate and growing opportunity for startups and investors alike. Email is no longer the only communication channel at risk, and many existing solutions in this category fall short of protecting these additional channels in today’s digital environment - opening the door of opportunity for innovative startups and savvy investors to close the gap.

Legacy tools come up short

Traditional email security tools are limited in their capabilities and are unable to address the following three areas:

• Lack of Context - Email security tools typically operate on a content filtering basis and may not take into account the context of the communication. This can lead to false positives and false negatives, resulting in missed risks or unnecessary alerts.
• Evolving Threats - Cyber threats are constantly evolving, and new attack techniques are emerging regularly. Email security tools may not be able to keep up with these changes or may not be designed to address emerging threats.
• Integration and Coverage - Integration and Coverage: Email security tools may not be well integrated with other security solutions in an organization or may not provide comprehensive coverage of all communication channels used by a business.

The solution is not a complete rip-and-replace scenario - but rather, companies can leverage existing tools in combination with other enhanced solutions to provide more comprehensive coverage. “Companies today need a holistic communication risk management strategy that addresses these issues head-on across all channels. Collaboration tools are the new frontier for attackers and enterprises that close that gap can better capitalize on the increased productivity and efficiencies without the added risk,” said Chris Lehman, CEO of SafeGuard Cyber, a cloud communications security and compliance platform.

Insiders Threatening Business Communication Channels

Recent data shows that 74% of organizations have seen the frequency of insider threats increase over time and defenses against these attacks can’t keep up as detecting them is harder in the cloud. These threats can include compromised accounts/machines, inadvertent data breaches/leaks, negligent data breaches, or even malicious data breaches.

Since mobile chat, social media and collaboration tools have become an integral part of modern business communications, employees are (once again) using multi-channel communication channels to get their job done. The risk is that social engineering happens across these channels and whether or not it is intentional, confidential data is often shared.

For example, after breaching Uber’s network last September, a hacker gained access to an Uber employee’s Slack account and used the messaging platform to notify the company of the attack. Following the hack, The New York Times reported “a person claiming responsibility for the hack sent images of email, cloud storage and code repositories to cybersecurity researchers and The New York Times.”

It is, therefore, crucial for companies to implement comprehensive security measures to protect their data, including employee training on best practices for secure communication and access control. Failure to do so can result in significant financial and legal consequences, highlighting the need for companies to remain vigilant in this area. It was only last September that the Securities and Exchange Commission (SEC) charged 16 Wall Street firms with widespread recordkeeping failures, ordering them to pay regulators $1.1 billion in penalties for not monitoring employees using unauthorized messaging apps.

Where do we go from here?

There is no silver bullet. But enterprises should be exploring ways to gain visibility into approved business communication channels, machine learning, and data correlation as a preliminary step towards resolution. This trifecta can help predict potential threats, vulnerabilities and their impact while identifying malicious campaigns.

The good news: with every new threat vector in the past, we have seen innovation emerge to meet the new risk area at hand. New market categories were created to keep up with the activity of cybercrime, unicorns emerged and went on to prosper. The new attack surface created by remote work is no exception and we will continue to see companies grow and drive innovation in this area.

The views and opinions expressed herein are the views and opinions of the author and do not necessarily reflect those of Nasdaq, Inc.

Other Topics

Technology Innovation