As we adapt to life during the COVID-19 crisis, organizations are making—in some cases—wholesale changes to the way they conduct business and interact with each other.
Just take a look at app download charts for iOS or Android. Video conferencing apps are surging, both in terms of downloads and usage, as much of the world is “social distancing” and, when possible, working from home.
Image: The top-5 free iOS apps on April 2, 2020
What’s interesting about the information above is that Zoom—a web conferencing tool typically used by businesses—tops the chart over more consumer-oriented apps, such as Houseparty and TikTok.
Zoom’s Big Adoption Boom
So, if Zoom is dominating mobile app installs, what impact is it having in the business environment?
Using anonymized and aggregated data collected by our Arctic Wolf Agent, we examined the number of endpoints running a Zoom client over the past few months.
Our data shows that, in March, 13.4 percent of endpoints in our customer base sample ran Zoom clients, more than tripling the 4.3 percent figure we observed in January.
The increase is likely driven by the organic growth of Zoom’s business as more organizations adopt the tool as they begin to work from home. But there is also the possibility that increased usage rates could be influenced by individuals installing the Zoom client for personal use on their computer to stay in touch with family and friends, without the approvals or knowledge of their IT or security team.
While Zoom adoption is clearly growing, over the past several weeks, there has been increasing coverage concerning potential security issues with Zoom. These have included sharing data with Facebook, the discovery of a vulnerability that allows threat actors to steal Windows credentials, and the increase of a phenomenon known as Zoom-bombing, where bad actors can share explicit content in meetings unbeknownst to the meeting host.
How to Manage the Zoom Boom in Your Business
For any business using or considering Zoom, be mindful that the company currently faces a great deal of scrutiny from security researchers and threat actors alike, simply because of its recent explosion in usage. As a result, don’t be surprised if previously unidentified security issues are soon found. This is common for software applications, and not unique to Zoom.
Our Recommendation for Zoom Users: Be Patient, But be Vigilant.
The Zoom-bombing issues are certainly exploitable in the real-world but can be prevented through the use of a meeting password, or by enabling a waiting room. As for other issues, Zoom has committed to a 90-day feature freeze to shift “engineering resources to focus on our biggest trust, safety, and privacy issues.”
As security-conscious users of these types of services, organizations should concentrate on how the company reacts once issues are identified, more than the issues themselves.
While Zoom releases patches to their software to improve security and privacy issues, it will be important that businesses deploy updated client versions as soon as possible, as threat actors are likely to see the threat surface causes by Zoom’s new installations a prime target.
From there, it will be up to individual businesses to make the determination if Zoom’s service aligns with their risk tolerance, because even competing services like WebEx and Skype are no stranger to having security issues of their own.
Zoom Usage is Just One of the Current Cybersecurity Challenges
This spike in Zoom usage is only one example of how COVID-19 has changed the work and personal behaviors of both individuals and organizations. If you would like to develop a better understanding of some of the other challenges IT teams now face to secure their organizations as employees work from home, check out our recent webinar: Cybersecurity for Your Suddenly Remote Workforce.