Connect with us

Hi, what are you looking for?


Risk awareness: How risk assessment is too often lacking as part of organisational cybersecurity measures

As collaboration tools are increasingly adopted across the enterprise, employees are beginning to self-police.

A business centre in the heart of London. Image. — © Tim Sandle.
A business centre in the heart of London. Image. — © Tim Sandle.

As we begin to enter into the Christmas season and the New Year, it remains important to recognise that the greatest cybersecurity threats often emerge from within, particularly in our increasingly digitised work environments.

The 2023 Risk Assessment Report from Aware reveals illuminating insights about the vulnerabilities present in commonly used collaboration platforms like Slack, Zoom, and Teams. The analysis of 6.6 billion messages shows a worrying trend in terms of images and screenshots being statistically more likely to include sensitive data (as an example passwords, appeared in around one in one thousand images).  

It also stands that 37 percent of all messages include at least one piece of personal identifiable information (PII) like Bank Numbers, Driver’s Licences, and Social Security Numbers. While many organizations have robust security measures for email and the Internet, collaboration tools remain a blind spot.

Looking at these and other findings from the survey is Aware’s Chief Technology Evangelist, Chris Plescia.

Plescia explains how his team of data and behavioural scientists has reviewed, normalised, enriched, and analysed over 6.6 billion real collaboration messages to benchmark the risk in today’s collaboration data.

One pattern that emerged is with how organizations are moving beyond just chatting in collaboration tools. These toolsets are now at the centre of a new enterprise workflow, with 15.4 percent of messages originating from integrated third-party applications. As collaboration tools are increasingly adopted across the enterprise, employees are beginning to self-police.

For example, in 2018, 1 in 262 messages included passwords. Today, that’s down to 1 in 5000. However, screenshot sharing has increased significantly since 2018, and are statistically more likely to include sensitive information than traditional images.

In addition to the risk profile, insider threat exposure is on the rise. Collaboration tools are filled with blind spots where even administrators struggle to gain visibility. Over 90 percent of all messages sent in collaboration platforms occur in private or restricted channels. The research found that 1 in 17 messages contain 3+ pieces of sensitive data, including intellectual property, code, credentials and more, and in those channels these messages can be stored indefinitely.

To create a more secure workplace, Plescia recommends:

Streamline Information Governance

Satisfy stakeholders across the enterprise and remain audit-ready by unifying management of collaboration data across your ecosystem into one immutable archive.

Ensure External and Regulatory Compliance

Maintain and preserve your data, avoid financial penalties, and comply with record-keeping provisions.

Enforce Acceptable Use Requirements

Stay ahead of reputational threats and minimize litigation risks by identifying unauthorized information sharing, toxicity and more.

Avatar photo
Written By

Dr. Tim Sandle is Digital Journal's Editor-at-Large for science news. Tim specializes in science, technology, environmental, business, and health journalism. He is additionally a practising microbiologist; and an author. He is also interested in history, politics and current affairs.

You may also like:


Medical team members evacuate a Muslim pilgrim, affected by the soarching heat, at the base of Mount Arafat, also known as Jabal al-Rahma or...

Tech & Science

Should progress with global heating not meet its international targets then the season could be 55 days shorter by the same date, under a...


Asian markets extended last week’s poor run with more losses Monday, following on from another tepid lead from Wall Street.

Tech & Science

It was also found that the relationship between genotype and phenotype is more different than the relationship between coffee and tea.