Getty Images/iStockphoto

Zoom Enacts CISO Advisory Board, as COVID-19 Fuels Privacy Issues

Following reports of privacy incidents and vulnerabilities, an investor has filed a lawsuit against Zoom. In response, the videoconferencing platform instated a CISO Advisory Board.

Zoom announced it instated a CISO Council and Advisory Board in response to privacy concerns that have come to light, as popularity of the app has soared to more than 200 million users during the Coronavirus pandemic.

The news follows an investor filing a lawsuit against the videoconferencing platform in response to those serious privacy incidents.

CNBC was first to report that Zoom shareholder, Michael Drieu, filed a lawsuit against Zoom in the US District Court for the Northern District of California, claiming the vendor failed to disclose privacy and security challenges with its platform.

The lawsuit argues that multiple reports of the company’s privacy failings have knocked the company’s stock value. While Zoom shares remain up by 67 percent since the start of the year, the shares fell in the recent session.

For reference, Zoom shares were listed at $67.72 in January 2, 2020. Stock price rapidly increased as the platform became one of the most popular for use during the pandemic, among Microsoft Teams and Slack.

As privacy and security concerns were brought to light, the stock price dropped to as low as $111. 41. But at the time of publication, shares were listed at $124.65.

Reports have disclosed multiple vulnerabilities in the Zoom platform, including sharing data with Facebook due to the use of its Software Design Kit, “Zoombombing,” and promotion of end-to-end encryption when the security measure was not used on most videoconferencing calls.

The FBI has warned hackers are also targeting Zoom and other videoconferencing apps. As Zoom has a health-specific platform and the Office for Civil Rights expanded telehealth use to any non-public-facing videoconferencing tools during the pandemic, Zoom’s privacy concerns are troubling.

Amid these reports, Sen. Richard Blumenthal, D-Connecticut, sent a letter to the company demanding insights into Zoom’s privacy and security practices. Zoom CEO Eric Yuan responded to these reports by halting all software development to focus on addressing these privacy and security concerns.

In Zoom’s latest move, Yuan announced on Wednesday that the company established a CISO Council and Advisory Board, which involves security leaders from various sectors, including HSBC, NTT Data, Procore, and Ellie Mae.

The Council will also have an established Advisory Board, which will include a subset of CISOs who will personally advise Yuan on privacy and security issues. Yuan explained that the board will assist in ensuring privacy and security becomes the prime focus for the platform.

“Collaboration across the industry is one of the most effective ways to ensure we are implementing security and privacy best practices,” Yuan wrote. “I’m truly humbled that — in less than a week after announcing our 90-day plan — some of the most well-respected CISOs in the world have offered us their time and services.”

“The purpose of the CISO Council will be to engage with us in an ongoing dialogue about privacy, security, and technology issues and best practices — to share ideas, and collaborate,” he added.

In continued response to these concerns, computer scientist Alex Stamos has joined Zoom as an outside advisor to assist with the company’s comprehensive cybersecurity review. Currently an adjunct professor at Stanford’s Freeman-Spogli Institute, Stamos will help Zoom implement best practice security controls and practices.

“Zoom has gone from being a successful mid-sized enterprise IT company to a critical part of the lives of hundreds of millions in the space of a couple of months,” Stamos wrote. “I am attracted to difficult problems and this creates some doozies.”

“To successfully scale a video-heavy platform to such a size, with no appreciable downtime and in the space of weeks, is literally unprecedented in the history of the Internet,” he added. “It has been clear to many people who have worked on production-scale systems that something special has been happening at Zoom, and the related security challenges are fascinating.”

Next Steps

Dig Deeper on Cybersecurity strategies