Each online operation or task carries some degree of cybersecurity vulnerability, but some pose more risk than others. The Kiteworks Report on Sensitive Communication Content revealed that this is particularly evident when utilizing communication utilities.
Regarding data security, communication encompasses more than mere interaction with another individual; it encompasses any data transfer from one online point to another. A variety of tools, including email, document exchange, managed transmission, and secure file sharing, are employed by corporations for communication purposes. Nevertheless, numerous other communication means exist, such as SMS messages, video conferencing, and even website forms. The research conducted by Kiteworks indicated that when it comes to security and communication tools, having more doesn’t necessarily equate to better.
The survey suggested that entities utilizing over seven distinct communication methods were at significantly higher risk of encountering a data violation — a 3.55x elevated risk compared to the average. While only 9% of organizations reported ten or more data breaches overall, 32% of those utilizing over seven communication tools experienced this elevated breach rate. Moreover, employing numerous communication tools often leads to increased litigation costs associated with data breaches, with organizations utilizing more than seven tools reporting expenditure 3.25 times higher in data breach litigation costs.
Consequences of a data breach
Entities experiencing a high number of data breaches usually witness various negative effects on their operations, such as loss of clients, harm to reputation, and operational interruptions. Additionally, many organizations must employ additional personnel post-breach, such as customer support assistance and credit monitoring services. Those within regulated sectors might also face penalties linked to the breach.
The 2024 Data Breach Cost Report unveiled a spike in the average cost of data violations to $4.88 million from $4.45 million in 2023, marking a 10% escalation and the most substantial increase since the pandemic. While the study highlighted essential enhancements concerning breaches, particularly in terms of detection and containment speed, the augmented breach costs stem from increased business expenditures.
View the Data Breach Cost Report
Reasons why an upsurge in communication tools heightens risk
Given that communication and data transfer are now vital in all industries and processes, both within and outside an entity, mitigating risk commences with grasping why each new tool heightens the chances of a breach.
The following are essential causes behind the relationship between the quantity of tools and the likelihood of a data breach:
Expanded attack surface
Each introduction of a new tool in a process expands the organization’s attack surface whenever a user accesses the tool. For example, suppose the marketing department has started using a distinct video conferencing tool from the rest of the organization. In that case, threat actors can target the tool’s users and cloud-stored meeting recordings. Furthermore, the data transmitted through the tool, such as chat messages and shared files, offers additional breach opportunities.
Increased instances of sensitive data exchange
Kiteworks revealed that monitoring sensitive data poses a significant issue, with approximately two-thirds of respondents dispatching sensitive data to over 1,000 separate third parties. Furthermore, personnel often become less vigilant while using informal communication tools like messaging and email, resulting in instances of sharing sensitive data and amplifying breach risks.
Greater resource demands for oversight and monitoring
Given that communication tools pose numerous cybersecurity risks, the usage of each tool necessitates close monitoring with well-documented procedures. This mandates additional resources, chiefly in monitoring tool usage for cybersecurity threats or misuse. With multiple tools to oversee, it becomes easier to inadvertently overlook breach warning signs.
Heightened human error risk
Communication tools present various opportunities for employees to commit mistakes leading to breaches, such as falling prey to a social engineering ploy or using an insecure connection for data transmission. Employees are also more prone to compliance errors with increased tools since processes may differ per tool, making it easier to overlook a step.
Minimizing risk stemming from communication tools
Minimizing breaches can often seem daunting. By commencing with communication tools, enterprises can proactively take measures to lessen their risk.
Evaluate the current tool inventory
Many entities lack precise awareness of the number of tools in operation. By collaborating with all staff and departments, organizations should compile a record of all presently utilized tools.
Remove redundant tools serving identical purposes
If multiple project management tools are implemented throughout an organization, a review must ascertain the most suitable tool for the entity. By assisting teams in transitioning to approved tools, breach risk can be mitigated.
Equip employees with necessary tools
Several employees choose to use non-approved tools as company-issued alternatives do not meet their requirements. For instance, entities advise employees to use file-sharing tools with file size restrictions. If an employee needs to transmit an oversized file via such a tool, they resort to utilizing another sanctioned tool. Numerous organizations’ high tool utilization arises from employees improvising to fulfill tasks. By ensuring employees have tools tailored to their functions, organizations can swiftly reduce tool diversity.
Employ multifunctional tools
The proliferation of communication tools is often rapid when each distinct communication task is paired with a separate tool. By leveraging platforms encompassing multiple functions like file sharing, video conferencing, and messaging, entities can considerably curtail the tool count.
Recognizing that an organization utilizes numerous tools is a straightforward realization. By striving to comprehend the essential tools and furnish appropriate tools, an entity can decrease breach susceptibility.