Blog

How Lack of Product Security Caused Zoom Customers’ Defection

Assaf Harel | May 12, 2020
Zoom

In the past two months, Zoom’s users experienced multiple cybersecurity breaches due to Zoom’s lack of product security. Those breaches enabled hackers to intervene in online meetings and compromise the security and privacy of Zoom’s users. Therefore, dozens of companies and organizations banned their employees from using Zoom.

Our new reality made Zoom one of world’s fastest-growing companies.

Zoom stock (NASDAQ:ZM) rose by 47.93% from March 13th to May 8th, Zoom app daily downloads increased 30x year-over-year, and the app has been the top free app for iPhones in the United States since March 18th. According to Zoom, daily users spiked to 200 million in March, up from 10 million in December.

In the past two months, Zoom’s users experienced multiple cybersecurity breaches due to Zoom’s lack of product security. Those breaches enabled hackers to intervene in online meetings and compromise the security and privacy of Zoom’s users. Therefore, dozens of companies and organizations banned their employees from using Zoom.

A partial list of such companies:

  1. NASA
  2. German Foreign Ministry
  3. New York City Department of Education
  4. Australian Defense Forces
  5. Daimler AG
  6. Ericsson AB
  7. Qualcomm
  8. Google
  9. NXP
  10. Bank of America
  11. SpaceX

From experience with connected product companies, when you don’t designate a CPSO (Chief Product Security Officer) your customers suffer from your product security glitches, which may cost your reputation, and revenue loss. In other words, customers expect connected product companies to deliver protected products. Otherwise, they penalize them with costly SLAs or dump their business, altogether.

Last month, Zoom responded with three major measures: First, they announced a 90-day product security plan; second, they retained Facebook former CISO, Alex Stamos as an acting CPSO and two weeks after, Zoom released Zoom 5, as a rapid-response for current product security issues. Zoom 5 includes AES 256-bit GCM encryption, data routing controls, and user-enabled security, such as manual confirmation of each attendee, lock the meeting to new participants, and complex passwords.

Even more: Last week, Zoom announced the acquisition of Keybase, an end-to-end encryption chat company.

We are certain that Keybase acquisition followed by nominating a senior product security person, who owns product security (even on a consulting basis, until the position is permanently occupied), will ensure that the connected product complies with security standards and will strengthen Zoom’s security posture. We hope that this great application continues to add customers and stop the bleeding of customer defection due to its product security issues.

Meet our Product Security Program Slideshare to learn more.

Read more

Want to learn more?

Contact Us
Loc

USA

41000 Woodward Ave
Building East, Suite 350
Bloomfield Hills, MI 48304
Tel: +1 248-574-5171

Loc

Israel

24 HaNagar Street
Hod Hasharon
45277-13
Tel: +972 9 88 66 113

Loc

Germany

Wasserburger
Landstr. 264, Munich
81827
Tel: +49 151 1471 6088