This article from ZDNet was of particular interest to us as a Network Security Company and really hit home how much potential financial impact Cyber-Attacks can have on any and all private and publicly listed companies. The cloud-based team collaboration platform, SLACK, recently filed documents with the SEC, with the intention of going public on the stock market. What was of particular interest in their filing is that they specifically warned new investors that cyber-attacks pose a serious risk to the performance of its stock. As per the ZDNet article, “It is very rare that a company going public lists cyber-security related issues as a major factor that may influence its stock, yet it somehow makes sense for Slack, a company whose reputation solely relies on its ability to maintain client confidentiality.” The company provided a fairly generic list of cyber-security threats that could potentially pose a risk to its business, including: “traditional computer ‘hackers’, malicious code (such as malware, viruses, worms, and ransomware), employee theft or misuse, password spraying, phishing, credential stuffing, and denial-of-service attacks”, in an effort to cover all of its bases. However, company officials also highlighted that above all of these, “nation-state supported actors” are one of the biggest threats to the company.
The biggest point to take out of Slack’s filing is that the company, due to the wealth of sensitive information on its servers about the multitude of companies that use its platform, the company expects to be at the top of most hacker groups’ target list and fully EXPECTS that it will be hacked. It’s not a matter of “if” but of “when”.
In a quote from its officials in its SEC filing: ”Despite significant efforts to create security barriers to such threats, it is virtually impossible for us to entirely mitigate these risks, especially when they are attributable to the behaviour of independent parties beyond our control”.
What this is doing is sending a clear message to its investors that cyber-attacks are almost certain to occur in the company’s future and that they should be prepared to take the financial hit when it happens.
Clearly, Slack is taking a proactive approach in this filing, and providing an abundance of caution. With other companies out there in similar situations, where they are in possession of sensitive or proprietary information that could potentially cost millions of dollars in damage if this information was hacked and leaked, going the route that Slack has gone with its recent filing may be the way to insulate itself from some of these damages.
As we wrote about in an earlier blog regarding insurance companies’ unwillingness to cover malware breaches, this could become the new norm of dealing with potential financial fallout from an “inevitable” breach; at least protecting itself from potential investor lawsuits claiming that they had not been warned of such risks.
In any event, we’ll have to see how this affects future listing from other companies. It is applaudable that Slack is taking this stance right now; taking more of a “prevention” approach to its future dealings. However, for Slack and other companies in this situation, they should really consider enhancing their networks security with a solution that follows the same “prevention” approach.
Luckily, Slack is well-designed, using a custom protocol of JSON objects sent via a WebSocket channel (which they call their Real-Time Messaging API). For the tech geeks out there, you can find out more about Slack in its documentation. WedgeARP can intercept this traffic and scan for any malicious activity; blocking in real-time when needed. For our existing customers who are using Slack, you can contact us through Wedge Support (email@example.com) to learn more about how you are protected.
In the mean time, the Wedge Advanced Malware Blocker, which Wedge offers FREE on a 90 day trial, takes the “prevention” angle one step further, allowing organizations to “Detect and Block” any malware (including new and never-before-seen varieties) BEFORE it hits the network. If an organization is expecting that it is going to be hacked at some point in its future, they might be able to rest a little bit easier with WedgeAMB enhancing its network security. Please email our team at firstname.lastname@example.org to find out more about how we can detect and block malware in real-time.