The stakes have never been higher for security and IT professionals. Concerns over COVID-19-related illness, government lockdown and social distancing rules, along with uncertainty around when we might get back to our normal routines, have left us all guessing. The good news, despite these uncertainties, is that technology has enabled us to remain connected. However, with technology dependence comes risk.
The use of virtual meeting technology has increased by more than 1000% in some cases. While this is great news for virtual meeting product companies, the hacker community at large has taken notice and is moving aggressively to exploit the new attack strategy, and as such, the stakes have never been higher for those tasked with safeguarding the online presence of businesses throughout the world.
The FBI and other credible sources have reported four distinct virtual meeting product exploits. First, meeting hijacking occurs when someone enters a virtual meeting using compromised credentials to disrupt the meeting, usually with expletives or unsuitable content. Second, the takeover of a device’s camera or microphone for surreptitious recording. Third, unauthorised disclosure of your personal information to third parties. Fourth, communications intercept, which may allow someone to steal data or communications from the meeting session.
Products should be built with privacy and security at their core
Now, what about the unknown exploits? There are almost certainly more to be found. The key to protecting communication products doesn’t require a crystal ball or the ability to see the future. Products need to be designed with security and privacy in mind from the ground up. For example, 8×8 Video Meetings, Powered by Jitsi, is a battle-hardened technology that has been built from the ground up with security, privacy and compliance in mind. The product includes key features like strong encryption, randomised meeting names and password protection, and the product continues to show its resilience even to the known exploits menacing other industry products today.
Another key layer of defence against current and unknown exploits is the platform’s own defences, in which the particular communications product resides. Platforms need to be purposely built with foundational security standards that remove obstructions to the monitoring, detection and response to anomalous or suspect behaviour, streamlining processes to engage and act; ultimately to further protect customers’ confidential information and a business’ intellectual property.
Encryption is another key security element that has been repeatedly overlooked. Unfortunately, many products on the market still don’t use encryption or use a weaker forms of encryption, which is especially troubling when you consider that in virtual meetings, a lack of strong encryption can lead to session data or even ID’s being intercepted by unscrupulous third parties.
The next major step is true end-to-end encryption
While strong encryption should be a requirement for all communications platforms, it’s still not enough. Video communications are subject to decrypt and re-crypt points across the communication channel. True end-to-end encryption avoids the need for any decrypt until the destination is reached. This advancement is a major step forward in making online meetings as secure as possible.
One final thought for any Security and IT professionals reading this – Don’t subject your organisation or yourself to any unnecessary risk due to weak encryption or poorly designed virtual meetings products. The hacking community has found a new target in virtual meetings. So, take the necessary steps to verify product encryption levels and make sure the products you’re evaluating are built with security and privacy from the ground up. With all that’s at risk today, it’s not worth trusting your organisation’s data to any company that includes security and privacy as an afterthought.