Benefits of company digital tools like Zoom come with cyber and financial risks

Summary

As Zoom’s popularity has exponentially increased in recent weeks due to the mass migration to remote work, reports on security flaws continue to trickle out. Former NSA hacker Patrick Wardle shared with TechCrunch two new security flaws that can be exploited to grant hackers physical control of a victim’s computer. Malicious code can be injected into a computer via a Zoom installer to gain root access—the highest level of user privileges.

Report

Analysis

Digital transformation initiatives carried out across the business world have brought third-party tools such as Zoom into corporate networks. The primary business benefits of the tools, namely the cost and operational efficiencies, have been easy for companies to justify and too difficult to resist. The same principle applies to the outsourcing of critical digital infrastructure to managed service providers like Wipro.

But with these tools and services come cyber risks that translate to financial risks. Based on Wardle’s finding, a hacker could gain root access to an employee’s computer connected to a corporate network via a Zoom installer compromised with malicious code. Once the hacker gains this access, the person could then use it as a platform from which to carry out further attacks on a company, such as ransomware, some of which could disrupt core, increasingly digitized business operations. Business disruption attacks like ransomware are resulting in billions of dollars in financial losses for impacted companies and have become increasingly common in the past two years.

At a deeper level, corporate adoption of digital tools like Zoom, which has further accelerated in recent weeks amid COVID-19 disruptions, will force companies to reckon with the problem of technologies that lack “security by design.” Companies like Zoom—and Facebook before them—place an emphasis on growth at all costs. This means pushing out products to the public that are not designed with security at the core; security is added on after the fact. This has been done because there are no mandated security standards for digital products globally. This is a deficiency that is unique to digital assets, considering the products that are regulated:

Resolving “buggy code” after an incompletely tested product goes live has been viewed as standard procedure in the “move fast and break things” era. But, in fact, the Zoom story (like the Facebook story before it) is an example of the high risks and hidden costs that result from poor cybersecurity. Along with “move fast and break things” comes “move fast and break other people’s things,” namely corporate networks.
