With the onset of the COVID-19 remote work exodus that has seen billions stuck at home, video conferencing apps have exploded in popularity. At the forefront is the service Zoom.
However, with Zoom’s explosive popularity came a series of highly publicized security issues. To unpack this, ITNA’s Jenna Delport chatted with Gabe Goldhirsh, VP MEA at digital risk protection company ZeroFOX. Here’s what transpired:
Why is Zoom, in particular, the target platform of choice for dedicated cyber attacks? And what was it about Zoom that made it so popular with users in the first place?
The rapid movement to remote work as a result of the pandemic caused a near-overnight acceleration and adoption of all collaboration tools – especially to Zoom (due to its platform ubiquity, ease, and no/low cost licensing).
These platforms are a target entry point into an organization via phishing, malicious file propagation (via messaging components), intellectual property theft and customer scams (the latter two caused by session hijacking and/or impersonation).
What are some tips and tricks Zoom users can implement to reduce their risk when using the platform?
Administrators are responsible for establishing security parameters that affect internal employees as well as any external parties that may join the organization’s Zoom meetings. To keep users safe:
- Enable password requirements for ALL remote meetings whenever possible within the tool. Password enforcement at the administrative level is a primary requirement for risk mitigation and protection of the business.
- Do NOT allow proactive entry of a meeting by participants.
- Require encryption for third-party endpoints.
- Use Administrator locks at an organization level to prevent user changes.
- Utilize notification capabilities within the app for your organization to proactively identify potential malicious activity.
- Require user authentication when utilizing Web clients and allowing users to join meetings from outside the application.
Where do you see the future of meetings and virtual group hangouts going in 2021?
Despite progress toward pandemic control, we believe remote work is here to stay. Most likely we will adopt hybrid work models (some time spent remote, some time in office) that will challenge security teams to ‘control’ the fluid work environment. This will further increase cloud/SaaS adoption, allowing attackers to have near equal access to employees, customers and stakeholders. Adopting DRP for security will no longer be an option in this ‘new normal’.
How does ZeroFOX protect organisations from bad actors?
ZeroFOX provides complete Digital Risk Protection which encompasses digital footprinting (identifying digital assets of an organization), analysis of threats (determination of impersonating or malicious content or assets, and prioritization of those based on unique threat landscape) and remediation (ranging from inline offensive or malicious content removal to freezing accounts to halt takeovers, to attacker infrastructure disruption such as domain takedown to thwart future attacks).