South African businesses are failing to provide dedicated training on collaboration tools even though almost all of them (93%) have experienced a threat via their chosen tools, according to new research from Mimecast exploring the state of the collaboration tools market in relation to cybersecurity.
The new report – Collaboration Security: Risks and Realities of the Modern Work Surface – is based on responses from over 3 000 employees and 600 cybersecurity decision-makers globally across a range of sectors, including 500 employees and 100 decision-makers in South Africa, and gauges their understanding and conduct related to collaboration tool security within their organisations.
The survey found that cyber decision-makers are overconfident in the readiness of their organisations to combat cyberattacks via collaboration tools. Seventy-nine percent of those surveyed felt their organisation had effectively communicated the security vulnerabilities of collaboration tools to their employees. This directly contradicts the fact that 41% claim they have not received any collaboration tools security training – and only 8% say they have received dedicated training separate from the wider cybersecurity training offered by their organisation.
However, too few organisations are regularly monitoring employee use of collaboration tools to stop threats. One in five (20%) organisations monitor employee use of collaboration tools only monthly, with a further 13% monitoring them weekly, and only 9% conducting daily monitoring of collaboration tools.
Since they are not specifically trained or monitored, 17% of employees do not see cybersecurity breaches via collaboration tools on their devices as something for which they are directly responsible. This means employees are more likely to let their guard down when using business collaboration tools. However, South African employees are among those that feel most responsible for how they use collaboration tools of all markets surveyed.
According to the Mimecast research, one in five employees globally don’t check the legitimacy of attachment file names or URL links in private messages on collaboration tools. Encouragingly, South African employees are more vigilant than their global counterparts: only 10% don’t conduct any checks when receiving a private message on a business collaboration tool with a link of attachment.
However, employees are still vulnerable when receiving a message from their line manager, with seven in 10 (70%) South African employees likely to click on a link to an unfamiliar website or source if it’s from someone they report in to.
Most South African cyber decision-makers believe their own organisation is well equipped to deal with cyberattacks via collaboration tools. Almost three quarters (72%) of cyber decision-makers feel their organisation is very prepared or extremely prepared to deal with a cybersecurity breach via collaboration tools.
And yet, almost all (93%) of South African organisations surveyed have experienced a threat via collaboration tools. The most prevalent attacks are malware (64%), phishing (48%), credential harvesting (32%), and spoofing attacks (31%).
The largest impacts of these cyberattacks on the business include loss of company data (61%), damaged company reputation (41%), disruption to regular operations (39%) and significant downtime (37%).
In addition, the financial cost of these attacks on organisations is significant, with the average total being $519 624. One in 10 (9%) of those surveyed estimate the total cost of attacks via collaboration tools on their organisation in the past year is over $1-million.
Duane Nicol, senior product manager for awareness training at Mimecast, says: “As collaboration tools become an increasingly complex and growing threat vector, employee and decision-maker overconfidence will place organisations at even greater risk. Without dedicated training and monitoring, risky behaviour on these tools is less likely to be picked up.
“This is where IT decision-makers have a vital role to play in securing these platforms and providing their employees with specific collaboration security training to protect their data,” Nicol adds. “Educating employees about the security implications will ensure they are careful about what they click on or share via these tools. This will help organisations to reduce cyberrisk and cost, while training employees to truly be part of their collaboration security fabric and ensuring they’re able to work protected.”.