Collaboration Tools Are Not Without Vulnerabilities & Risks

Information overload is growing each day as group workplaces ping us relentlessly. Managing these increasing instances of awareness is a critical necessity to avoid security issues and burnout. Also: the Microsoft Security Graph is expanding its security partners, the NSA wants consequences for cyberattacks, and there are more remote workers.

4 Min Read
Four Colored Jigsaw Pieces Being Put Together

Among the emerging problems in the collaboration workspace: Security threats and user burnout.

Malicious hackers used Slack to host an exploit designed to target a remote code execution vulnerability in the Windows VBScript engine. It's worth noting that the flaw was patched by Microsoft in May 2018, so a user or organization failing to update the machine's operating system was responsible for the successful attack. However, this was the first documented case of Slack being used as a launchpad for hacker attacks, and what security researchers found notable was how popular cloud-based services can host an attack:

The most interesting aspect of the malware remains its use of popular services to communicate with attackers. The backdoor connects to a GitHub repository to download commands and then connects to a Slack private workspace set up by the attackers to posts the output of those commands, along with the name of the computer the output was collected from. Finally, the malware uploads any stolen files to the file.io cloud storage service.

It helps that both Slack and GitHub are often whitelisted by enterprises.

Expect Microsoft -- which has been pushing Teams as a Slack competitor/replacement -- to double down on stressing its security features. The company continues to make a strong play for Teams as a better-integrated part of the overall workflow. As Microsoft said when announcing how its Planner application is now available for all Microsoft 365 Government GCC customers: "There’s nothing to install or enable to start using Planner in Teams: simply open your Teams app, add a plan, and begin managing your work more efficiently."

An emerging challenge, however, is managing human overwhelm. Three years ago, Harvard Business Review published research suggesting that collaboration can accelerate burnout; people who confirm or clarify details in a workflow are often the most vulnerable to this, but endless meetings and emails are cited as another burnout factor which can be eased via collaboration software that streamlines workflow. Another drawback to meetings: It can be a challenge to retain any of the information exchanged among participants. Otter.ai just rolled out a new product, Otter for Teams, to offer AI-generated, real time meeting transcription for workplaces. 

It may be worth noting that Microsoft Teams already has a similar feature

ALSO:

The Microsoft Graph Security API added an expanded list of alert providers, new capabilities that enable threat intelligence sharing, streamline the creation of security automation workflows, and enable rich security analytics and reporting. This will help more organizations identify suspicious behavior, then surface and remediate threats.

The NSA's top policy advisor, former National Security Council cybersecurity policy coordinator and acting Homeland Security Advisor Rob Joyce, is advocating for the U.S. to start imposing larger economic and political consequences on state actors using cyberattacks for espionage. "We have to impose costs in a visible way to start deterrence.” 

Two in five AI start-ups don't actually have any AI in a way that helps the company's bottom line, a report from VC investor MMC Ventures found. As to why firms might tout their AI capabilities? VC investment in AI has increased by a factor of fifteen in five years.

Remote working is on the rise, CIOs agree in a OneLogin survey. 58 percent of CIOs said that remote working will increase significantly over the next six years; as of right now, 43 percent of survey respondents said they work remotely at least part-time, and 69 percent say workplace flexibility is a critical issue when evaluating potential employers.

Microsoft's Windows 10 can now roll back device drivers, hotfixes, updated system files, service packs, and new Windows features if they prove to be buggy. This new feature is only available for Windows Insiders running Windows 10 Insider Preview, build 18351 or later. This version of Windows 10 has not yet been released publicly. 

System Center 2019 is now generally available. Customers with a valid license of System Center 2019 can download media from the Volume Licensing Service Center (VLSC). Says Microsoft, "As customers grow their deployments in the public cloud and on-premises data centers, management tools are evolving to meet customer needs. System Center suite continues to play an important role in managing the on-premises data center and the evolving IT needs with the adoption of the public cloud."

Microsoft has announced a free, online program that offers training in AI to business executives. The Microsoft AI Business School will emphasize four key skill areas: defining an AI strategy, enabling an AI-ready culture in the workplace, examining the responsible use of AI in the workplace and mastering a high-level overview of AI technologies. 

About the Authors

Richard Hay

Senior Content Producer, IT Pro Today (Informa Tech)

I served for 29 plus years in the U.S. Navy and retired as a Master Chief Petty Officer in November 2011. My work background in the Navy was telecommunications related so my hobby of computers fit well with what I did for the Navy. I consider myself a tech geek and enjoy most things in that arena.

My first website – AnotherWin95.com – came online in 1995. Back then I used GeoCities Web Hosting for it and WindowsObserver.com is the result of the work I have done on that site since 1995.

In January 2010 my community contributions were recognized by Microsoft when I received my first Most Valuable Professional (MVP) Award for the Windows Operating System. Since then I have been renewed as a Microsoft MVP each subsequent year since that initial award. I am also a member of the inaugural group of Windows Insider MVPs which began in 2016.

I previously hosted the Observed Tech PODCAST for 10 years and 317 episodes and now host a new podcast called Faith, Tech, and Space. 

I began contributing to Penton Technology websites in January 2015 and in April 2017 I was hired as the Senior Content Producer for Penton Technology which is now Informa Tech. In that role, I contribute to ITPro Today and cover operating systems, enterprise technology, and productivity.

https://twitter.com/winobs

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like