Research Objectives
As more workers collaborate virtually, many organizations now depend on additional digital communication tools beyond email. New collaboration tools provide attackers the opportunity to engage with humans to evade automated controls, extending phishing, BEC, credential theft, and other socially engineered attacks beyond email. Advanced attacks leverage multiple attack vectors, requiring individual, core security controls to work together to detect and prevent advanced attacks. This extends beyond traditional security operations tools (e.g., SIEM, SOAR, EDR, and XDR) to core network, cloud, endpoint, and identity controls.
As IT and security teams focus on risk-driven security strategies, consistency of policies and priorities across all enterprise communication channels becomes critical to strengthening security posture. More education is needed to motivate security architects to embrace this higher-level perspective. To gain further insight into these trends, TechTarget’s Enterprise Strategy Group (ESG) surveyed 490 IT and cybersecurity professionals at organizations in North America (US and Canada) and Western Europe (UK, France, and Germany) involved with securing enterprise communication and collaboration technology and processes.
In terms of the risk and security of the many electronic communication and collaboration tools in use, this study sought to answer:
- What types of communication and collaboration tools have organizations formally sanctioned for their employees’ use?
- Approximately how many disparate communication and collaboration tools, including email, have organizations formally sanctioned for use?
- Do organizations formally plan to consolidate one or more communication and collaboration tools into a common platform over the next 12 months? What is the primary driver for this consolidation of communication and collaboration tools?
- How frequently do organizations estimate they face socially engineered attacks involving multiple electronic communication mechanisms, including email, messaging, mobile, and social media? Which communication and collaboration mechanisms do organizations believe are most vulnerable to threat actors?
- How concerned are organizations that attacks will leverage, or have already leveraged, communication and collaboration tools (both sanctioned and unsanctioned) to evade security controls?
- What types of threats that leverage communication and collaboration mechanisms (i.e., email, messaging, social media, etc.) are organizations most concerned about? What threats do organizations believe have penetrated their current communication and collaboration security controls in the past 12 months?
- How much of a priority is securing the many communication and collaboration mechanisms for organizations beyond their primary email solution? How do organizations expect their spending for communication and collaboration security controls to change over the next 12 months?
- How confident are organizations in the native security capabilities included in each of the formally sanctioned communication and collaboration tools they currently use?
- Do organizations have a formal security end-user training program that informs employees about securing sensitive information policies?
Survey participants represented a wide range of industries including manufacturing, technology, financial services, and retail/wholesale. For more details, please see the Research Methodology and Respondent Demographics sections of this report.