In 2022, cybersecurity grew as a top priority for businesses around the world following critical attacks on both the public and private sectors and of course, notably cyber warfare as part of Russia’s invasion of Ukraine, writes Steven Spadaccini, vice president of Threat Intelligence for SafeGuard Cyber.This year, says Spadaccini, organizations have spent significant time and resources attempting to mitigate the risks associated with business communication compromise (BCC), including phishing attacks and personally identifiable information leaks.Spadaccini is a senior cyber executive with more than 20 years of experience working for some of the highest-profile cybersecurity and technology companies in the world. Prior to joining SafeGuard Cyber, he held senior leadership positions at Absolute, Trend Micro, Imperva, FireEye (Trellix) and DTEX Systems, as well as several other cybersecurity startups.
If an employee feels like their security and compliance solution is curtailing their freedom to communicate effectively and efficiently, chances are they’ll find another way to circumvent the process and monitoring tools. According to a 2022 Business Communication Report, 45% of business communication happens in digital channels outside of email. This is a trend that will escalate in 2023.LinkedIn becomes the most prevalent non-corporate communication channel for data leaks due to new jobs on the market and the recession.Increased layoffs across the globe will lead to job seekers using messaging channels to communicate with potential employers, specifically LinkedIn messenger. Departing employees are far more likely to share critical information and data about their former employer in these communications.In many cases, job seekers will be looking for similar positions and will believe that sharing specific data from their former company will give them a leg up in landing their next gig.2023 will see an increase in email phishing campaigns that lead to third-party supply chain ransomware attacks against enterprise Slack or Teams platforms.Phishing attacks are becoming more collaborative and span multi-channel communications. An attacker will need to impersonate several communication platforms to gain trust from the target. Attackers are looking for any way into an organization. And they are becoming better at language-based attacks that travel across communication channels, making it easy to deliver ransomware in unmonitored collaboration applications.Attackers will use credentials acquired from the dark web to infiltrate a corporate communication channel like Zoom or Slack for a major financial institution, which will lead to compromising data about executives within the organization.Once an attacker obtains credentials, they will then log into a corporate channel that is not monitored and will be able to operate within it for hours unnoticed. This gives them ample time to observe and/or exfiltrate sensitive data.A similar real-world example occurred in September when an attacker compromised an Uber employee's credentials and then revealed themselves in the corporate Slack channel. There will be a direct correlation in 2023 of compromised accounts, either stolen or sold, that will be used to attack an organization in minimally observed communication channels.Corporate attacks and breaches through targeted personal communications go mainstream and drive tension between employees and employers.Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis. Cybercriminals are targeting high value employees on LinkedIn, Telegram and WhatsApp to infiltrate enterprises. Employers are struggling to enforce mandates and policies but will have to weigh the risk versus rewards.Ensure visibility across all communication channels Reducing the risk present in business communication tools begins with visibility. You can’t protect your organization from attacks you can’t see. Implement robust detection capabilities Once monitoring is in place, detection capabilities must be added to all communication channels. This must include the ability to detect the context and intent of human communications. Many of today’s attacks involve more sophisticated social engineering techniques, which are difficult to detect using traditional signature-based tools. Integrate response actions to block attacks With monitoring and detections in place, the final step to protecting against sophisticated BCC attacks is to add integrations with communication channels and IAM solutions to allow rapid response. This must include manual actions that security personnel can initiate, as well as automated actions when threat levels are high and/or risk to the business is significant.
Cybersecurity Predictions for 2023
In 2023, we will see malicious actors increase the frequency of and escalate tactics and techniques around communication, according to Spadaccini. To follow, are his top five predictions for business communication compromise in 2023.The death of email: Modern workforces will continue to choose unsecured communications channels.If an employee feels like their security and compliance solution is curtailing their freedom to communicate effectively and efficiently, chances are they’ll find another way to circumvent the process and monitoring tools. According to a 2022 Business Communication Report, 45% of business communication happens in digital channels outside of email. This is a trend that will escalate in 2023.LinkedIn becomes the most prevalent non-corporate communication channel for data leaks due to new jobs on the market and the recession.Increased layoffs across the globe will lead to job seekers using messaging channels to communicate with potential employers, specifically LinkedIn messenger. Departing employees are far more likely to share critical information and data about their former employer in these communications.In many cases, job seekers will be looking for similar positions and will believe that sharing specific data from their former company will give them a leg up in landing their next gig.2023 will see an increase in email phishing campaigns that lead to third-party supply chain ransomware attacks against enterprise Slack or Teams platforms.Phishing attacks are becoming more collaborative and span multi-channel communications. An attacker will need to impersonate several communication platforms to gain trust from the target. Attackers are looking for any way into an organization. And they are becoming better at language-based attacks that travel across communication channels, making it easy to deliver ransomware in unmonitored collaboration applications.Attackers will use credentials acquired from the dark web to infiltrate a corporate communication channel like Zoom or Slack for a major financial institution, which will lead to compromising data about executives within the organization.Once an attacker obtains credentials, they will then log into a corporate channel that is not monitored and will be able to operate within it for hours unnoticed. This gives them ample time to observe and/or exfiltrate sensitive data.A similar real-world example occurred in September when an attacker compromised an Uber employee's credentials and then revealed themselves in the corporate Slack channel. There will be a direct correlation in 2023 of compromised accounts, either stolen or sold, that will be used to attack an organization in minimally observed communication channels.Corporate attacks and breaches through targeted personal communications go mainstream and drive tension between employees and employers.Social engineering attacks originating in employee-owned communication channels are highlighted in the news on a weekly basis. Cybercriminals are targeting high value employees on LinkedIn, Telegram and WhatsApp to infiltrate enterprises. Employers are struggling to enforce mandates and policies but will have to weigh the risk versus rewards.
