Zoom’s reputation has taken a hit recently, and it has divided Information Security Professionals. There are those in one camp who believe this is “Much Ado about Nothing” or “Nothing to see here”: Zoom’s use increased, from roughly 10 million daily users at the end of 2019 to 300 million today – beyond what any normal organizational planning could have predicted. The other camp believes Zoom should have seen their security and privacy issues coming, and addressed them proactively.
No matter which camp you reside within, the fact remains that Zoom’s experience is a lesson for all companies that rely on code as their primary source of revenue.
Zoom’s rapid growth exposed weaknesses in their privacy and security, and it had a negative impact on multiple areas for the company:
- Their stock price fell (although it has since recovered)
- They lost large enterprise customers
- Their reputation took a hit and competitors took advantage of the bad news to convert Zoom customers to their own.
Google and Microsoft jumped on the opportunity to promote their platforms. RingCentral, which had licensed Zoom, quickly made plans to accelerate their adoption of their own custom video conferencing client.
Since learning of multiple problems, such as vulnerabilities in the platform and strange traffic to China, Zoom has taken definitive steps to get better, such as hiring Alex Stamos, the former CISO of Facebook. Their newfound commitment security is exemplary, but it could have been done sooner, and less expensively than hiring an army of cyber talent retroactively. Once again the glaring lesson learned is that an ounce of prevention (Importance of Proactive Security) is worth a pound of cure.
From the mouth of Zoom’s own CEO, Eric Yuan, “we need to slow down and think about privacy and security first. That’s our new culture.” It is “the new culture”, not just for Zoom, but for every organization. A commitment to privacy and security today will pay dividends as more consumers vote for this increased confidence with their wallets.