For the last three years Metrigy has gathered data from end user organizations on how they are handling the increasing threats to their communications and collaboration applications. And those threats are increasing. Among the nearly 340 participating organizations in this year’s study, 20.5% say they have had an attack on their communications, collaboration, and/or contact center platforms and applications in 2023. That represents an increase of almost 300% since we first started gathering this data in 2021.
While participants typically don’t share the details of their attacks, a wide range of vectors exist for those seeking to achieve financial gain or cause harm and disruption. Examples include:
- Toll fraud attacks designed to generate calls across unscrupulous network operators or allow attackers to use a company’s calling services for further attack
- User impersonation attacks using a combination of number spoofing, application token theft, and/or other information designed to gain access to customer or employee data, enabling financial theft, theft of company information, or business disruption. Attacks may also be based on theft of a person’s mobile phone SIM (an attack known as SIM swapping or SIM hijacking) allowing phone number takeover
- Spam phishing attacks that disrupt company communications by flooding phones with voice and/or text messages, often designed to commit fraud
- Dial-out attacks that spoof a company’s phone number and/or identity to fool customers into thinking they are engaging with a legitimate business
- Exfiltration attacks that exploit vulnerabilities in applications to gain steal company data
All of these attacks continue to rapidly evolve in size, scope, and sophistication, especially as AI allows for enhanced targeting as well as voice and video impersonation.
Lack of Enterprise Response
Unfortunately, enterprise efforts to combat rising attacks are not yet sufficient, in most cases, to address them. Among our participating companies, just 35.0% say they currently have a formal workplace collaboration security program covering all of their communications and collaboration applications. More encouraging, about 33% say they will have one by the end of this year and another 20.8% say they are evaluating creating one. However, these numbers are virtually unchanged from our early 2023 study. The reality is that creating a comprehensive security program is hard. It requires resources that are often constrained and that are more focused on day-to-day operations and reaction to incidents rather than a proactive effort to reduce them in the first place. Those that lack a proactive approach often find that they are unable to take advantage of emerging collaboration capabilities, and therefore may further harm security posture as employees seek out applications on their own, outside of IT control, to improve their ability to work with colleagues and customers.
Increasing Channels = Increasing Threats
The challenge in creating a comprehensive workplace collaboration security program is further exacerbated by the growing ways that companies communicate and collaborate, both internally as well as with partners and customers.
Gone are the days when companies primarily had to focus on email and phone systems (though those are still important). Today, the modern organization collaborates and communicates far more via messaging and video applications, as well as with customers via consumer social and messaging apps. Security approaches often fail to keep up with these changing dynamics. Indeed when we asked those who had, or were developing, a workplace collaboration security program to share the components of it, we found that protection against threats to remote workers dominated the list. Phone-specific threat prevention was near the bottom, and few had included outbound calling protection within their plan.
Third-Party Platforms Can Help, If They Are Adopted
Among those with the highest ROI for their collaboration investments, 42.2% have invested in third-party security platforms (compared to 32.3% of those with no measured or low ROI, demonstrating their value. Most third-party platform investment is to monitor and protect their document and messaging platforms from attack. Just 40% leverage services to prevent toll fraud, and just 26.2% invest in other voice security management platforms to combat attacks such as caller ID spoofing and SIM hijacking.
Achieving Success
Clearly, implementing a successful workplace collaboration strategy requires a proactive approach that identifies threats and that implements appropriate policy and defense mechanisms to minimize risk. The workplace collaboration and communications security space is one that is rapidly emerging as vendors increase capabilities to monitor a wide variety of channels, to identify inbound fraud attempts, to combat AI-generated attacks, and to ensure outbound caller identity. Security, IT, and business leaders must take an aggressive approach to ensuring that their platforms are protected, and that they are positioned to take advantage of emerging security approaches as they become available.
About Metrigy: Metrigy is an innovative research and advisory firm focusing on the rapidly changing areas of workplace collaboration, digital workplace, digital transformation, customer experience and employee experience—along with several related technologies. Metrigy delivers strategic guidance and informative content, backed by primary research metrics and analysis, for technology providers and enterprise organizations