
How Lack of Product Security Caused Zoom Customers’ Defection

Assaf Harel | May 12, 2020

Our new reality made Zoom one of the world’s fastest-growing companies.

Zoom stock (NASDAQ:ZM) rose by 47.93% from March 13th to May 8th, Zoom app daily downloads increased 30x year-over-year, and the app has been the top free app for iPhones in the United States since March 18th. According to Zoom, daily users spiked to 200 million in March, up from 10 million in December.

In the past two months, Zoom’s users experienced multiple cybersecurity breaches due to Zoom’s lack of product security. Those breaches enabled hackers to intervene in online meetings and compromise the security and privacy of Zoom’s users. Therefore, dozens of companies and organizations banned their employees from using Zoom.

A partial list of such companies:

  1. NASA
  2. German Foreign Ministry
  3. New York City Department of Education
  4. Australian Defense Forces
  5. Daimler AG
  6. Ericsson AB
  7. Qualcomm
  8. Google
  9. NXP
  10. Bank of America
  11. SpaceX

From our experience with connected product companies, when you don’t designate a CPSO (Chief Product Security Officer), your customers suffer from your product security glitches, which may cost you your reputation and revenue. In other words, customers expect connected product companies to deliver protected products. Otherwise, they penalize them with costly SLAs or dump their business altogether.

Last month, Zoom responded with three major measures. First, they announced a 90-day product security plan. Second, they retained Facebook’s former CISO, Alex Stamos, as an acting CPSO. Third, two weeks later, Zoom released Zoom 5 as a rapid response to current product security issues. Zoom 5 includes AES 256-bit GCM encryption, data routing controls, and user-enabled security features such as manual confirmation of each attendee, locking the meeting to new participants, and complex passwords.

Even more: Last week, Zoom announced the acquisition of Keybase, an end-to-end encryption chat company.

We are certain that the Keybase acquisition, followed by nominating a senior product security person who owns product security (even on a consulting basis, until the position is permanently occupied), will ensure that the connected product complies with security standards and will strengthen Zoom’s security posture. We hope that this great application continues to add customers and stops the bleeding of customer defection due to its product security issues.

See our Product Security Program Slideshare to learn more.
