Zoom creates council of CISOs to solve security, privacy issues

Zoom's CEO Eric S. Yuan announced today that the company has formed a CISO Council and an Advisory Board to collaborate and share ideas on how to address the videoconferencing platform's current security and privacy issues.

Alex Stamos, former Chief Security Officer of Facebook and Adjunct Professor at Stanford’s Freeman-Spogli Institute, has also joined Zoom as an outside advisor starting this month "to assist with the comprehensive security review of our platform."

CISOs to help focus on Zoom's privacy and security issues

"I am truly humbled that — in less than a week after announcing our 90-day plan — some of the most well-respected CISOs in the world have offered us their time and services," Yuan said.

"This includes CISOs from HSBC, NTT Data, Procore, and Ellie Mae, among others. The purpose of the CISO Council will be to engage with us in an ongoing dialogue about privacy, security, and technology issues and best practices — to share ideas, and collaborate."

Zoom's Advisory Board includes CISOs from VMware, Netflix, Uber, Electronic Arts, and others, and they will directly advise the CEO with the end goal of keeping privacy and security as the main focus of Zoom's development process.

"We are grateful to Alex and our CISO Council members for their vote of confidence in Zoom and their desire to help make us even better," Yuan added. "Together, I have no doubt we will make Zoom synonymous with safety and security."

Measures taken so far to address security, privacy concerns

Zoom has gone through a series of issues as of late, having to patch a security vulnerability in January that could enable threat actors to identify and join unprotected Zoom meetings.

In late March, Zoom also announced that it had removed the Facebook SDK from the Zoom iOS app after Motherboard reported that the SDK collected and sent device info to Facebook's servers.

On April 1, Zoom fixed some Mac-related security issues uncovered by Patrick Wardle and a UNC link issue that could've enabled attackers to steal users' Windows NTLM credentials or remotely launch executables on their computer.

On the same day, Zoom also clarified the confusion created around its platform's encryption, and removed the attendee attention tracker feature and the LinkedIn Sales Navigator app to prevent unnecessary data disclosure.

Starting April 4, Zoom enabled a Waiting Room feature that allows hosts to control when participants join meetings, and it now requires a password when scheduling new meetings, instant meetings, or webinars. These measures were taken to help Zoom users defend against the rising threat of Zoom-bombing incidents, which the FBI warned about on March 30.

Earlier this month, the Department of Justice and Offices of the United States Attorneys warned that Zoom-bombing is illegal and that those involved can be charged with federal and state crimes that could lead to fines and/or imprisonment.

BleepingComputer has an exhaustive guide on the steps needed to properly secure online meetings from Zoom-bombing attacks.

Zoom is also planning to take a number of other measures "to better identify, address, and fix issues proactively:"

• Conducting a comprehensive review with third-party experts and representative users to understand and ensure the security of all of our new consumer use cases.
• Preparing a transparency report that details information related to requests for data, records, or content.
• Enhancing our current bug bounty program.
• Engaging a series of simultaneous white box penetration tests to further identify and address issues.
• Weekly webinars on Wednesdays at 10am PT with Zoom's CEO to provide privacy and security updates to our community.

CISA recommends federal agencies to use Zoom for Government

According to Reuters, a joint memo issued yesterday by DHS's Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Risk and Authorization Management Program (FedRAMP) to top government cybersecurity officials advises federal agencies to use Zoom for Government for video conferencing over the free or commercial offerings.

This comes on the heels of the privacy and security issues affecting Zoom's platform and software, which followed a quick increase in new monthly active users since the start of 2020 as millions of employees and students began using it to work and learn from home during the pandemic.

Zoom has added around 2.22 million new monthly active users this year alone while only 1.99 million started using it through 2019.

In total, the cloud-based communication platform now has over 12.9 million monthly active users, with Bernstein Research analysts stating last month that it saw a user growth of about 21% since the end of last year.
