With rapid change going on in most businesses, it's little surprise that speculation and hasty conclusions can supersede taking the time to validate the facts for ourselves. Many articles have come out recently about vulnerabilities in video conferencing tools, but even when the vulnerabilities are real, we shouldn’t draw the wrong conclusions from them. In recent days, I have heard a number of statements that I would suggest go too far. I’ve heard people saying, “Use this solution, as that one is insecure!” and so on.
It’s possible to look up current known vulnerabilities for any popular conferencing tools. Sites such as CVE Details maintain records of vulnerabilities. You can visit them and see for yourself how many known vulnerabilities in conferencing tools there are and when they were discovered.
So what you should take away from what you find?
Also, don’t forget that not all risks are equal. It's worth checking through vulnerabilities as they are posted to assess how much of a risk they pose to your organization.
Understanding the risk a vulnerability poses to your organization will help you determine the right balanced response steps to take.
All too often, we forget to take into account how the specific vendor responds to a vulnerability. The reality is that all code will have errors. It's written by humans, and we aren’t perfect. What makes the real difference is what comes after the vulnerability is revealed.
It's only human nature that in heightened times we have to make decisions faster. We should remember that emotions take hold in our brains much faster than logic (read “Thinking, Fast and Slow,” by the Nobel-Prize winner Daniel Kahneman). Most of us are already in an emotional state with the world challenges we face, and as such, we have to pay additional attention to allow our logical brains to make the right decisions. As security teams work to adjust to organizational changes and increases in remote work, it’s key to remain logical as we assess how to react to vulnerabilities in the tools we use to enable our daily work.
Read more about best practices for video conferencing security.
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement. Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.