Communication platforms are an essential part of how organizations work together today. They allow teams to work efficiently regardless of location – which has become increasingly important in recent years. Today, many online collaboration tools are offered as Software-as-a-Service (SaaS) solutions that make it easier for teams to communicate and collaborate. As these solutions have grown in importance, they have become a new target for attackers.
Platforms like Slack and Microsoft Teams have gained popularity around the world to improve collaboration and communication, and they bring with them the security challenges we’ve learned to expect when adopting innovative technologies. While the platforms themselves are secure — and both Slack and Teams offer robust security features — the way organizations use them can expose them to various types of attacks that exploit misconfigurations, insecure practices, third-party applications, and inevitable user error. Security teams are now finding it difficult to detect and respond to attacks on communication and collaboration platforms, hampered by limited security processes, lack of relevant skills and limitations of available technology.
The changes in the communication and knowledge management stack are also changing the culture in many organizations. In some organizations, Slack has become the primary communication channel — including document sharing, video calling, and chat. It replaces email for many tasks and embeds itself into users’ daily lives. Similarly, Teams includes a set of integrated solutions that provide all of these capabilities. The platforms are increasingly becoming primary sources of knowledge, replacing knowledge management repositories. Today, these platforms contain much more sensitive information than even the company’s email system or the internal knowledge management system.
Like any other technology platform, Slack and Teams can serve as the basis for attacks that exploit built-in features, insecure usage, and misconfigurations. While email has an ecosystem of security solutions and known best practices, many newer communication platforms have only a subset of these security solutions and practices.
Years of phishing attacks have taught users to be suspicious of ordinary email, to verify the authenticity of new email, and to use chat platforms to verify the legitimacy of an unusual message. However, few users suspect messages from a colleague in Slack or Teams. This means an attacker can use a single compromised account, as was the case with the EA breach, to fool others and gain elevated privileges or access. In addition, open channels and groups encourage conversations, and messages shared there are stored indefinitely and are accessible to a compromised account. An attacker can scan these messages for information that they can exploit, such as secret keys or passwords.
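A security team can run the same search first and rotate whatever it finds. The sketch below is an added example, not code from the article or from Slack or Microsoft: it scans message records for common credential formats and lists public-channel hits first. The input shape (a mapping of channel name and privacy flag to messages with `user`, `ts` and `text` fields) and all sample messages are assumptions constructed for illustration.

```python
import re

# Well-known credential formats plus a generic "password is/=/: value" pattern.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "slack_token": re.compile(r"\bxox[abprs]-[0-9A-Za-z-]{10,}"),
    "private_key_block": re.compile(r"-----BEGIN (?:[A-Z]+ )?PRIVATE KEY-----"),
    "password_assignment": re.compile(
        r"(?i)\b(?:password|passwd|pwd)\b\s*(?:is\b|[:=])\s*(\S{6,})"),
}

# Constructed sample in the assumed export shape: (channel, is_private) -> messages.
SAMPLE_EXPORT = {
    ("ops-private", True): [
        {"user": "U03", "ts": "1700000300.000300",
         "text": "staging db password is Tr0ub4dor-constructed"},
    ],
    ("general", False): [
        # AWS's published documentation example key, not a live credential.
        {"user": "U01", "ts": "1700000000.000100",
         "text": "CI deploy key: AKIAIOSFODNN7EXAMPLE"},
        {"user": "U02", "ts": "1700000050.000200", "text": "lunch at noon?"},
    ],
}

def redact(value, keep=4):
    """Keep a short prefix for triage without re-exposing the secret in the report."""
    return value[:keep] + "*" * max(len(value) - keep, 0)

def scan_export(export):
    """Return findings, public-channel exposures first (widest audience)."""
    findings = []
    for (channel, is_private), messages in export.items():
        for msg in messages:
            for kind, pattern in SECRET_PATTERNS.items():
                for m in pattern.finditer(msg.get("text", "")):
                    findings.append({
                        "channel": channel,
                        "exposure": "private" if is_private else "public",
                        "user": msg.get("user"),
                        "ts": msg.get("ts"),
                        "kind": kind,
                        "match": redact(m.group(m.lastindex or 0)),
                    })
    return sorted(findings, key=lambda f: f["exposure"] != "public")

if __name__ == "__main__":
    for finding in scan_export(SAMPLE_EXPORT):
        print(finding)
```

Each finding carries the channel, author and timestamp, so the responder can remove the message and rotate the credential rather than only counting hits.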
While Slack and Teams are excellent platforms that make business more efficient and collaborative, every platform we use – including email, file collaboration and video conferencing – comes with potential risks. Understanding and preparing for these risks can help organizations become more secure and resilient to these attacks.
Here are the five points that can help security teams prepare for a potential breach of Slack or Microsoft Teams:
- Culture: Don’t underestimate how an organization’s culture can impact security. Define a policy about what types of groups should remain public or private, then enforce and inform users of that policy.
- Permissions: Third-party applications often request extensive permissions. Make sure the team restricts them to the minimum permissions needed, to limit the impact of a third-party breach. It’s all too easy to forget what those apps have access to, so limiting it in advance will save stress later.
- Backups: If Slack or Teams serves as the knowledge management repository in the organization, consider it a critical asset. Make sure the team sets up backups in the platform, either natively or through a third party.
- Security features: At a minimum, ensure teams require multi-factor authentication (MFA), directly or through a single sign-on (SSO) solution. Enable the security features available on the enterprise platform, including additional encryption, compliance, and security management.
- Forensics: Treat forensic analysis as the foundation of any major security breach response, so collect, analyze, enrich, and store logs for Slack or Microsoft 365. This accelerates incident investigation and response, allowing the team to get on top of the security breach as quickly as possible and curb its impact with minimal effort.
The time the security team spends today thinking about the potential challenges and security risks of a security breach in their communication and collaboration platforms will help the organization prepare for it. These five tips will help if—or when—the organization’s communication and collaboration platforms are compromised by an attacker, and help the organization quickly get back to normal business operations.
Ofer Maor, Co-founder and Chief Technology Officer of Mitiga