At Avanan, we've discussed how collaboration apps like Slack and Teams aren't as secure as you might think. The apps aren't inherently secure and need additional protections, like the one that Avanan provides.
We've seen this happen recently in the case of EA Sports. A group of hackers broke into Slack, taking the login information of users that were stored in stolen cookies. Once there, they tricked an IT support employee into giving an MFA code and login. Firmly in the system, the group stole some 780GB of data.
This is a common attack method within Slack. It is easy for hackers to do an account takeover and pose as an employee. This becomes simple because profiles are just indicators of identity, and can be easily edited. You'll see this sometimes as an internal joke, where an employee changes their name to someone famous. Consider this example:
Maybe someone isn't impersonating Jeff Bezos, but you can see how it can be done and how it can easily fool someone. Once an attacker is in, a lot of damage can be done, including forwarding of sensitive information, the introduction of malicious links and East-West attacks.
If Slack is not protected, then these things will happen. Slack holds incredibly valuable data, as companies use it more and more for internal discussions. Sensitive documents are shared. Discussions about employees are shared. Personal details flow frequently.
Slack Security must be a priority. Luckily, with Avanan, it's easy:
If there is valuable data on Slack (or any other collaboration app), it's a target for hackers. That's why it's so important to secure all forms of collaboration. Everywhere you do business, from collaboration to file sharing, is an essential part of your security strategy. The goal is to secure the entire SaaS suite. That's what we do at Avanan.