
    Human Risk and Insider Risk Management: The Rippling-Deel Case

    What a security team being called upon to investigate and catch a mole can teach organizations about securing their collaboration tools.

    by Jeff Schumann

    Key Points

    • A fast-growing HR software company has accused a competitor of corporate espionage involving long-term IP theft within its Slack instance, facilitated by a mole placed by that competitor.
    • This case is a wake-up call for business leaders and security teams and is a stark reminder of the vulnerabilities hidden within modern communication tools.
    • This security breach demonstrates the critical need for effective security measures to safeguard sensitive workplace communication platforms.

    Human Risk Management

    Organizations are increasingly recognizing that people – employees, customers, and stakeholders – are both their greatest asset and their greatest vulnerability. This has made human risk management the hottest topic in cybersecurity.

    Human error is one of the leading causes of data breaches and cyberattacks. With the rise of remote work and digital transformation, managing human-related risks in cybersecurity has become critical. Companies are under pressure to ensure secure and compliant work environments, especially in industries like finance and healthcare that use and store critical customer data – data that must be secured to avoid violating regulations and damaging public trust. Human risk management helps mitigate breaches, ensure compliance, and lessen legal liabilities and reputational damage.

    Employees' actions, both online and offline, can significantly impact a company's security and its reputation. Managing human risks like accidentally divulging login credentials, clicking on malicious links, visiting malicious websites, and improper use of GenAI tools is essential to maintaining security.

    This is why organizations are focusing so much on human risk management. Users falling prey to phishing emails, clicking on links that download malware, feeding proprietary information into tools like ChatGPT, or even unwittingly interacting with cybercriminals on collaboration tools are all accidents that security teams are working with users through training programs to avoid. In fact, Mimecast’s recent The State of Human Risk 2025 report found that, in a survey of 1,100 IT and security professionals, 87% of respondents said their organization trains its employees to spot cyberattacks at least once a quarter.

    Insider Risk Management

    But what happens when the user is not doing these things by accident? What happens when a user you think is a valuable member of your corporate team – one you believe is genuinely trying to do a good job and do right by their employer – turns out to instead be a malicious actor? Sometimes this can happen when an employee decides to leave the company or gets wind that they may soon be let go. It can even happen when an employee is approached by a cybercriminal and offered something of value to give them a hand in breaching the company where they work. According to Cybersecurity Insiders' recent 2024 Insider Threat Report, 83% of organizations reported at least one insider attack in the last year.

    And on the extreme side, what happens when the employee is actually a mole planted by your competition to breach your security to gather your trade secrets and other proprietary information? Many security teams would view this as impossible – something that only happens in movies – something that would never happen to them during the course of securing their organization, but I recently highlighted such a case in an article for HR Executive.

    The Rippling-Deel Case

    To summarize the story, HR services provider Rippling has filed a lawsuit against competitor Deel, claiming that the company planted a rogue employee in Rippling’s Dublin office. According to the suit:

    • The Deel mole used their access to Rippling’s Slack instance to access proprietary company information, including trade secrets, sales leads, and other intellectual property over the course of several months.
    • Rippling exposed the scheme using a carefully orchestrated “honeypot” trap within Slack.
    • Rippling identified suspicious activity after the employee planted by Deel began searching Slack for mentions of competitors, sensitive payment information and confidential sales pitches.
    • Deel used this information for its benefit until legal action was taken.

    The Rippling-Deel case shows how easily Slack’s convenient communication can be turned into a weapon and a liability in the wrong hands. These vulnerabilities demand a commitment from security teams to proactive security measures, including monitoring internal messaging alongside email. These measures help security professionals ensure that data is being properly shared to minimize risk exposure.

    Though a wonderful tool for helping teams collaborate, Slack is a very attractive target for malicious actors. Centralized data repositories and the extensibility of its open API make Slack highly vulnerable to exploitation, and every Slack workspace contains valuable assets, including intellectual property, financial documents and strategic discussions, making it a prime target for insider threats and external breaches. Without robust security protocols, organizations risk exposing their sensitive data to catastrophic breaches.

    What Can Security Teams Do?

    To stop these types of attacks – from a simple but dangerous employee slip-up all the way up to a mole planted by a competitor – security teams need to diligently monitor employee communications for various reasons, such as a data breach, insider threat event, HR complaint, or a legal violation.

    This can be accomplished by deploying an advanced investigation tool like Mimecast Aware. Aware is designed to enhance security, compliance, and data management within collaboration tools like Slack, Microsoft Teams, and Zoom. It addresses risks such as data loss, non-compliance, and security threats by providing:

    • Complete visibility through centralized collection, processing, and preservation of collaboration data.
    • Streamlined data management by ensuring compliance with policies and regulations while managing data securely.
    • AI-powered detection by identifying threats, policy violations, and unauthorized data sharing with custom detection rules.
    • Incident response through automated actions like redacting, quarantining, or flagging suspicious content.
    • Risk mitigation by tracking emerging risks using AI and NLP models to monitor behaviors, sentiment, and trends.
    • Seamless integration with existing tech stacks, offering rapid deployment and efficient risk management for modern collaboration environments.

    The Bottom Line

    The Rippling-Deel case highlights how seemingly secure communication platforms can still expose critical weaknesses. These platforms, like Slack, must be proactively safeguarded and monitored for suspicious activity. Learn more about how Mimecast can help speed your investigations across your digital estate.
