A potential new cybersecurity threat: hacks through Slack. Credit: Magdalena Petrova On the heels of National Cybersecurity Awareness Month, now seems like an opportune time to draw attention to a potential new cybersecurity threat: Slack attacks.It’s no secret that cybersecurity breaches are more prevalent today than ever before. Global ransomware damage costs are expected to surpass $5 billion in 2017, according to research from Cybersecurity Ventures, and cybercrime damage is projected to cost the world $6 trillion annually by 2021. That’s up from $3 trillion just last year.For those following the news, these numbers, while alarming, may not come as a surprise. From Deloitte to Yahoo, major companies have famously been the victims of devastating email hacks, as have high-profile political figures including French President Emmanuel Macron and Presidential Senior Advisor Jared Kushner. These buzzworthy incidents have raised red flags among organizations, which are now taking strides to enhance email security measures.Unfortunately, these measures may not be enough. While email remains the primary communication channel among businesses, more and more organizations are leveraging alternative messaging systems to share (often sensitive) information. Slack is one of the most popular of these alternative messaging systems, with 6 million daily active users. And with the platform’s newly announced capabilities – including the channel collaboration feature – the number of Slack users is likely to increase. Users like Slack for many reasons, including the ability to easily share files and get fast answers on urgent, high priority issues. The problem is that, much like email, information exchanged on Slack can be subject to ransomware attacks.To prevent security breaches, organizations need to devise strategies that not only reduce the risks of email hacks, but Slack hacks as well. They should: Tighten permissions on what integrations can come through Slack and who controls them. Slack was initially popularized through development organizations that appealed to tech companies. Because the platform was used primarily by tech professionals, users were typically granted the ability to add new applications to Slack. Over time, however, more and more employees outside of the tech function began using Slack. As a result, HR, marketing and sales professionals (among others) can now add new applications to the platform, without deep insight into how these applications work and what other data they can access. Many Slack integrations also connect to other sensitive systems, such as Salesforce (CRM) and Workday (HR). A Slack integration could unwittingly give hackers access to an organization’s “crown jewels.” To the untrained eye, applications may appear to be harmless platform integrations, but could really be malware. By tightening permissions on who can evaluate and control integrations, businesses can better prevent against malware attacks.Evaluate third parties that are specifically focused on improved security for Slack. In recognition of messaging platforms’ vulnerability to hacks, companies have emerged to conduct real-time analysis of hacking activity. By developing reports for partner organizations, these companies can detect issues before they escalate into devastating problems and prevent future attacks from happening. GreatHorn is one such company offering these services. Mimic email security measures. With Slack increasingly replacing email to communicate business issues, organizations should apply the same policies and controls they use to keep email secure to Slack. Businesses may want to consider tasking their IT teams with this now (if they’re not already) to get ahead of the issue.By abiding by these best practices, organizations will be better equipped to keep internal information out of the wrong hands. And by addressing potential risks, like Slack attacks, before they become real problems, we can demonstrate the true value of National Cybersecurity Awareness Month. Related content opinion X-ray your SaaS apps to reveal hidden security vulnerabilities Best practices to understand security evaluations what is happening "under the hood" of cloud/SaaS applications. By Greg Arnette Jun 08, 2018 5 mins Technology Industry SaaS Application Security opinion Exploring the paradigm shift from backup to data protection Smart organizations evaluate their overall data footprint and transform their traditional back office IT to a streamlined data protection approach for both cloud and on-premises data. By Greg Arnette May 01, 2018 5 mins Backup and Recovery Cloud Security Disaster Recovery opinion The wild west of cryptocurrency security – and what the future holds Time will tell how virtual currency security issues ultimately get resolved, but as we wait, keep changing those passwords and please, try not to throw away your key. By Greg Arnette Feb 23, 2018 4 mins Financial Services Industry Technology Industry Data and Information Security opinion How the International Olympic Committee can win gold in cybersecurity While hackers like “Fancy Bears” may continue their mission to create headline-grabbing attacks and disruptive behavior, there are steps every institution across the world and in varying industries can take so they don’t fall victim By Greg Arnette Feb 05, 2018 4 mins Technology Industry Data and Information Security Network Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe