MetriSight Ep.64 – Getting Your Security House in Order

June 10, 2024 00:13:27
MetriSight Ep.64 – Getting Your Security House in Order
Metrigy MetriSight
MetriSight Ep.64 – Getting Your Security House in Order

Jun 10 2024 | 00:13:27

/

Show Notes

In this episode, Metrigy’s Irwin Lazar walks us through what’s going well, and not so well, in collaboration and contact center security today, and shares tips for how to get it right. Based on Metrigy’s recently published Workplace Collaboration and Contact Center Security and Compliance: 2024-25 study.

View Full Transcript

Episode Transcript

[00:00:22] Speaker A: Hello and welcome, everybody. Thanks for tuning into this episode of Metrosite A Pirate, presented by Metrogy. I'm Beth Schultz, vice president of research and principal analyst with Metrogy. [00:00:33] Speaker B: And hi, I'm Erwin Lazar, president and principal analyst with Metrugy. [00:00:37] Speaker A: And today we're here to talk about our latest research, a study on workplace collaboration and contact centric security and compliance management, which Erwin headed up. So Erwin has cut right to the chase. Why this topic? Our company's not already paying close enough attention to security of their communications and collaboration apps. [00:00:58] Speaker B: Sadly, the answer is no. We've covered the collaboration security space for the last several years in our annual workplace collaboration study. We've also covered contact center security, mostly from a toll fraud and voice protection aspect, in our last several contact center experience optimization studies. And, you know, it's unfortunately kind of consistent that we continue to see that roughly about 35% of companies have what we would consider to be a formal communication collaboration contact center, even overall strategy that looks at the different applications they have, what their different risks are, what the threats are, and how they mitigate those, and then also addressing some of the compliance issues. It's a conversation we have a lot with our clients, and it's one that is continuing to grow in concern as AI and AI generated content now enters the lexicon. And so now you've got the scenario where most companies are using AI in some fashion. They're starting to look at things like generating meeting transcripts, call transcripts, even content like documents and presentations and so on. They don't really have often a way to deal with security, though. So it's interesting that we found it's still sitting at around 35% of companies that have a plan. Depressingly. At the same time, we've seen a tripling of the number of participants in our research over the last three years that are telling us that they're experiencing security incidents. So we asked participants, have you had a collaboration contact center communication security incident in the last three years? And that went from about 7% to 2021, up to over 20% in 2023 when we asked a question about their experience over the last year, so would have covered 23. And, you know, it's, it's, it's also worrisome that not necessarily, you know, 7% of people said, I'm just not going to disclose, 72% said, we haven't had an incident. There's probably a percentage of those who have had one, but we're heading in the wrong direction. You know, we're seeing that the number of companies reporting security incidents going up, while the number of companies who say they feel like they've got a handle on collaboration and contact center security staying roughly flat over the last several years. [00:03:13] Speaker A: Okay, Sarah or Erwin, what kind of threats should they be paying attention to? Or maybe giving more attention to if they're not watching closely enough? Yeah. [00:03:22] Speaker B: So splitting out between security and compliance. On the security side, there are toll fraud attacks that are getting more sophisticated, voice phishing attacks where somebody will try and pretend they're a customer and try and get into that customer's account. Maybe they've got some information about that customer. Maybe they've got a snippet of the customer's voice that they've used to create an AI voice bot where they can impersonate the customer. Maybe they know information about the customer that they've discovered on the web or through a variety of different means that they may have stolen it. So that's one area. Certainly, attacks through messaging applications are becoming more of an issue. So if you're a company that's operating teams or slack or one of the other team messaging applications, somebody could try and get into your messaging environment. Once they do, they've got access to a lot of company information. We've seen attacks like that play out over the last couple of years. Electronic Arts had an attack through their messaging portfolio that allowed attackers to steal source code. We see attacks on, or we see threats of employees using non approved applications. You know, often when you don't have a security strategy, you result to saying, you know, we're just going to block things, we're going to turn applications off. Well, the normal reaction, unfortunately, is employees will find a way. They'll go around. They'll use apps like WhatsApp, they'll use apps like we saw Skype 20 years ago, and we've seen here in the US a number of fines and the billions of dollars now over the last several years for regulated organizations that have been fined by the SEC and other regulatory bodies for not so much allowing, but not knowing that their employees are using public, uncontrolled applications for business use and sharing things like financial advice, maybe even medical advice. So the threat matrix continues to grow. And then the last area I would say is, again, this concern around generative AI. I'm generating meeting transcripts, I'm generating summaries, I'm generating call notes, I'm generating documents. Not only do we not know potentially where that information is going, but we may not have a way of classifying it, of storing it, of archiving it. Of protecting against data loss and maybe even more importantly lately, knowing the validity of the information that's coming out. So if I generate a meeting transcript and it says employees can take the next six months off versus can't, and that got pushed out to the company, well, now everybody's walking out the door because the executive meeting transcript said something it shouldn't have said. So there's lots of concerns. We saw a few months ago, Air Canada's customer facing bot created a frequent fire benefit that the company ended up having to support. So the threat matrix continues to grow, I guess, is what I'll close with. [00:06:16] Speaker A: Okay. Now, you pointed out that despite the growing threat matrix, despite the growing number of incidences, you know, companies still aren't putting into place those security plans. What are the trends, positive as well as negative, did you find in the study? Erwin? Yeah. [00:06:35] Speaker B: So, in every one of our studies, we look at defining a success group. And so in this particular study, we looked at companies that had measurable and above average ROI for their use in investment and collaboration applications. So we looked at opportunities to see save money, opportunities to increase revenue through more effective collaboration and companies who are measuring gains in productivity, typically through shortening repeatable processes. So, on the positive side, we found that companies with the highest success were the ones that were most likely to have a security plan, most likely to have CiSo involvement in security, most likely to use third party platforms. So I'll wrap up with some takeaways going into this a little bit more detail, but I'd say the overall positive is that having a plan, having a strategy correlates with success. It correlates with higher roI, higher potential revenue improvements, cost savings and productivity. I would say the use of third party platforms continues to still be kind of flat, but we are seeing the companies are at least getting a little bit more awareness. But I'd say the overall most positive trend in this particular study, versus some of the data we've gathered in the past, is that CISOs are now more involved in security discussions than they were two, three years ago, and collaboration was kind of something they didn't worry about, and they kind of left off to the collaboration teams to figure out how to set their own policies. [00:07:59] Speaker A: So I think you kind of touched on some of these in the trends that you just pointed out. But in a recent webinar, you went through five recommendations for it leaders to think about as they focus on collaboration, security and management. So what are those five recommendations? Erwin, why don't you share here as well? [00:08:19] Speaker B: Yeah, we held a webinar, and that is now available on our bright talk channel. It's also on the Metrugy website. You can go to resources and webinars on the front page. And so we invite people to go and take a look at that. And so that webinar, I mentioned the success group and we looked at what are the characteristics of successful companies. We found, again, again, five areas that closely correlated with companies having higher ROI for their use of collaboration applications. And the first one, as I mentioned, was having the CISO involved in collaboration security. It has to be something that is tied into the overall security plan and posture of the organization. It can't be something you look at and go, you know what, I'm worried about our company data, our customer data, tax denial service, ransomware, and I'm going to leave the collaboration applications up to the collaboration team. That's not a successful way to approach collaboration and context center security as well. Secondly, is actually having a plan. So putting a group together, a team that is responsible for, as I mentioned earlier, defining what the risks are, looking at all the different applications that are in use, understanding the regulatory environment that you operate in, looking for gaps and figuring out a way to close those gaps. Third one is using third party tools. There are a number of third party platforms out there that are designed to address different security areas. So you've got a number of vendors who focus on voice security, those who focus on messaging and document security, those who focus on contact center and customer identification security. So looking at what are the right tools for you, especially if you're in mixed environments, how can you have a consistent policy across the different applications that you have? So that's the third, the fourth is having CISO involvement in funding those tools. So again, it shouldn't be something that's left to the collaboration and contact center teams to go out and be responsible for funding, because in that case they might not have the budget and they may say, you know what, I've got other things that are more pressing, or I'm being asked of that I need to fund first before I invest in security. And the last one is around that generative AI plan. So we saw in our study about 35% of companies adopting generative AI, about 60% evaluating or planning to roll out, making sure that as you look at those generative AI applications, you understand what additional risks that they introduce, that the CISO is again involved in that discussion, and that you're putting a plan in place to address those risks. I think those are the five key. [00:10:49] Speaker A: Takeaways and those are great takeaways for listeners. So what else can you tell folks is on your research agenda around collaboration for the rest of the year? [00:11:02] Speaker B: Yeah, we've got a busy year. We've got a study underway now that is our refresher of our annual workplace collaboration metricast that Diane Myers is leading. And so that will result in updated market forecast, updated metricast report, where we look at what are the buying trends, what are the budget trends in various collaboration communication technologies. We'll produce our Metrostar reports to recognize those companies that have demonstrated high levels of business success in their customers and that the customers rate them very highly. We'll also update our metro ranks, which is our longer term market forecast and our ranking of the specific vendors in a number of spaces. UCAS is the primary one that we cover there. Beth, I know you're working on a connected workspace, so I'll let you chat about those, but my last one will be later this year. What we call, we used to call it our workplace Collaboration 20, 24, 25. We're renaming that to employee engagement optimization. That's going to cover the evolution of meeting spaces, the use of generative AI, and overall evolution evolution of collaboration platforms. [00:12:17] Speaker A: Right Erwin, as you mentioned, I'll be doing a research study around connected workspaces, and that's the whole idea of enabling collaborative work management, pulling together your project management with your document collaboration, enabling communications and collaboration throughout all of that access to knowledge bases, all within a single interface. And that study will be coming out later this year as well. And of course, we have a full slate of customer experience related research, which our colleague Robin Garris oversees. And for all of that, you can just check out our research agenda, which is available on our website. So with that, let me say thank you all for listening to us. And as a reminder, we always like to hear from you, so feel free to reach out via the contact button on the metrogy site. That's all for now. On behalf of the Metrosite team, goodbye till next time, and take care everybody. [00:13:18] Speaker B: Thank you.

Other Episodes

Episode

April 24, 2024 00:25:38
Episode Cover

MetriSight Ep.60 – 2024 CX MetriStar Award Winner Recap

Tune in to discover which vendors have earned our prestigious MetriStar Top Provider Award across 12 CX technology categories, and which additional providers get...

Listen

Episode

April 24, 2024 00:10:57
Episode Cover

MetriSight Ep.59 – What’s on Our UC Agenda for Enterprise Connect?

Metrigy’s Irwin Lazar and Diane Myers will be on hand at EC2024 to share insights on 911, AI for employee collaboration, premises-to-UC cloud migration,...

Listen

Episode 0

October 31, 2023 00:28:52
Episode Cover

MetriSight Ep.49 – How to Fix the Work-Relationship Problem

HP’s recently published Work Relationship Index, based on a global survey of 12,000 knowledge workers, 3,600 IT decision makers, and 1,200 business leaders, reveals...

Listen