To state the obvious, Zoom usage skyrocketed over the past few years. Assume that you are the CISO for a large M&A firm that has been using Zoom to discuss its deals, as well as other very sensitive financial information, with clients. You have been asked by the CFO of the firm to research and report on the security vulnerabilities that were reported about Zoom in the spring of 2020.
More specifically, the CFO wants to know what, in your opinion, were the two most significant security vulnerabilities that were identified during that time. The CFO assumes that these have been patched since then, so you do not need to discuss their resolution. Your report should be three or four paragraphs long, and it should focus on the vulnerability and what would have happened if the vulnerability had been exploited by a bad actor.
For this report, put aside any discussion of Zoom’s privacy policies about users’ personal data, which were not very clearly explained at that time. Also put aside the problem of Zoom bombing, since that issue was very well understood.
Here are a couple of links for background:
https://www.theguardian.com/technology/2020/apr/02/zoom-technology-security-coronavirus-video-conferencing