Thursday, October 18, 2018

Collaboration is good, but are you aware of some of the risks these integrations bring?



Here are 7 of them:



  1. API - APIs are the programming glue that holds collaboration systems together in cohesive architectures for specific groups and applications. The trouble is, history shows that this glue can develop cracks that allow hackers to attack the components at the point where they're joined. Consider a zero-trust architecture in which every component and API must authenticate at each transaction. 
  2. Encryption Errors - A zero-trust architecture requires encryption within the collaboration application, rather than simply around the application. And the storage systems where data from the collaboration system are stored should be encrypted if that data is at all sensitive to the organization.
  3. Mobile Apps - Even when the software is legitimate, the actions of the user may not be. Phishing, smishing (credential-hunting via SMS), and whishing (the same, via WhatsApp) are all threats that can hit companies that have taken care with all of the app-based vulnerabilities of their mobile devices. While these may not directly use the collaboration system, once credentials are compromised through one of the "-ishing" methods, the credentials for the collaboration system should be considered compromised, as well.
  4. Privilege Escalation - Users inherit their privilege level from the AD, LDAP, or other directory system in use by the organization. That works well in many situations, but the nature of projects and collaboration means there can be privilege mismatch. Worse, a privilege escalation attack on one side of the application/OS equation can mean an increased vulnerability on the other side, as well.
  5. 3rd Party vulnerability - With every third-party integration comes access to the vulnerabilities that may exist within those third-party tools. The issue for the IT department may well be creating rules for expansion that cover ad-hoc employee experiments and conditions for their safe deployment.
  6. Voice Control - Voice assistants are always listening, which means they are always vulnerable to exploits that let unauthorized listeners hear privileged conversations.
  7. Web - Where there are Web browsers there are Web applications, and where there are Web applications there are vulnerabilities. 
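To make item 1 concrete, here is an added example (not from the Dark Reading article) of a receiving component authenticating every API call on its own, with no trusted session. The component name, key, header fields and the 300-second freshness window are all constructed assumptions.

```python
import hashlib
import hmac
import time

MAX_SKEW_SECONDS = 300  # assumed freshness window for a signed request


def _canonical(*fields):
    # Length-prefix each field so no two different field splits share an encoding.
    return b"".join(len(f).to_bytes(8, "big") + f for f in fields)


class RequestVerifier:
    """Checks identity, freshness, integrity and uniqueness of each call."""

    def __init__(self, keys):
        self._keys = keys   # component id -> shared secret (bytes)
        self._seen = {}     # (component, nonce) -> time the nonce may be forgotten

    @staticmethod
    def sign(key, component, timestamp, nonce, body):
        msg = _canonical(component.encode(), str(timestamp).encode(),
                         nonce.encode(), body)
        return hmac.new(key, msg, hashlib.sha256).hexdigest()

    def verify(self, component, timestamp, nonce, body, signature, now=None):
        now = time.time() if now is None else now
        key = self._keys.get(component)
        if key is None:
            return "unknown-component"
        if abs(now - timestamp) > MAX_SKEW_SECONDS:
            return "stale"
        expected = self.sign(key, component, timestamp, nonce, body)
        # Constant-time comparison avoids leaking how many characters matched.
        if not hmac.compare_digest(expected.encode(), signature.encode()):
            return "bad-signature"
        # Forget nonces whose requests would now be rejected as stale anyway.
        self._seen = {k: exp for k, exp in self._seen.items() if exp >= now}
        if (component, nonce) in self._seen:
            return "replay"
        self._seen[(component, nonce)] = timestamp + MAX_SKEW_SECONDS
        return "ok"


def demo():
    key = b"constructed-demo-key"              # constructed sample secret
    body = b'{"action":"post_message"}'        # constructed sample request body
    v = RequestVerifier({"bot-a": key})
    sig = RequestVerifier.sign(key, "bot-a", 1000, "n1", body)
    return [v.verify("bot-a", 1000, "n1", body, sig, now=1010),
            v.verify("bot-a", 1000, "n1", body, sig, now=1020),
            v.verify("bot-a", 1000, "n1", body + b"x", sig, now=1020),
            v.verify("bot-a", 1000, "n1", body, sig, now=5000)]
```

The same signed request is accepted once, then rejected when it is repeated, altered, or presented after the freshness window.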


https://www.darkreading.com/application-security/7-ways-a-collaboration-system-could-wreck-your-it-security/d/d-id/1333064?image_number=1
