Fallout 2020 – The Impact of Cyber Debt to Agile Organizations

Cyber-Debt
April 24, 2020


Zoom’s reputation has taken a hit recently, and it has divided Information Security Professionals. There are those in one camp who believe this is “Much Ado about Nothing” or “Nothing to see here”: Zoom’s use increased from roughly 10 million daily users at the end of 2019 to 300 million today, beyond what any normal organizational planning could have predicted. The other camp believes Zoom should have seen their security and privacy issues coming, and addressed them proactively.
No matter which camp you reside within, the fact remains that Zoom’s experience is a lesson for all companies that rely on code as their primary source of revenue.


Zoom’s rapid growth exposed weaknesses in their privacy and security, and it had a negative impact on multiple areas for the company:

  • Their stock price fell (although it has since recovered)
  • They lost large enterprise customers
  • Their reputation took a hit and competitors took advantage of the bad news to convert Zoom customers to their own.  

Google and Microsoft jumped on the opportunity to promote their platforms.  RingCentral, which had licensed Zoom, quickly made plans to accelerate their adoption of their own custom video conferencing client.  

Lessons Learned

Since learning of multiple problems, such as vulnerabilities in the platform and strange traffic to China, Zoom has taken definitive steps to get better, such as hiring Alex Stamos, the former CISO of Facebook. Their newfound commitment to security is exemplary, but it could have been made sooner, and less expensively than hiring an army of cyber talent retroactively. Once again the glaring lesson learned is that an ounce of prevention (Importance of Proactive Security) is worth a pound of cure.

From the mouth of Zoom’s own CEO, Eric Yuan, “we need to slow down and think about privacy and security first. That’s our new culture.” It is “the new culture”, not just for Zoom, but for every organization.   A commitment to privacy and security today will pay dividends as more consumers vote for this increased confidence with their wallets.

 

lou@cdg.io

