Collaboration fueling configuration drift

Collaboration tools have fueled configuration drift facilitating phishing attacks since they became widespread during the COVID pandemic. The core of the problem is, as usual, human failure, or more accurately, human procrastination.

Configuration drift happens when vendors and customers join corporate networks with supposedly temporary credentials. When those credentials are not revoked quickly after the collaboration, system settings gradually, almost imperceptibly, diverge from a secure baseline state.

Collaboration tools, beginning with email in the 1970s, were largely clunky, on premises and limited to technically sophisticated organizations. Through the 20 years following the turn of the century they became more sophisticated and allowed inclusion of users outside the networks, like vendors, consultants, and customers. Approximately 400 to 600 million people in professional contexts today use Microsoft Teams, Slack, Google Workspace, Zoom, and dozens of others collaboration tools. Gartner said 90% of Fortune 500 companies standardize on Teams. Moreover, every team that uses collaboration tools configures every collaboration tool differently with no central enforcement.

“Configuration drift is one of the most under-recognized risks in modern cybersecurity,” said Garrett Hamilton, CEO and founder of Reach Security. “Security tools are constantly changing due to updates, new features, and operational adjustments. Over time, those changes create drift that quietly weakens defenses. Organizations need a continuous way to validate that the controls they depend on are still working as intended.”