A Different Kind Of Disclosure: IPO Slack Makes An Honest Confession About Cyber Risks

Public and would-be public companies are required to list the risks they face so investors are fully informed about what could happen to their money. Pre-IPO companies in particular offer lengthy recitations of what could go wrong that are usually restricted to things like “failing to attract customers” or “fluctuations in foreign currency exchange rates.”

Slack Pre-IPO Disclosure

Companies about to join the adult table may also list “government regulations” or “litigation” as threats to financial health, but it’s highly unusual to see companies list cybersecurity risks as something that could impact investors. In fact, Slack may be the first to be so detailed, as it was in its April pre-IPO disclosure:

“A security incident may allow unauthorized access to our systems, networks, or data or the data of organizations on Slack, harm our reputation, create additional liability, and harm our financial results.”

That’s just the headline of one enumerated risk. It gets more interesting as you read the details:

“…we also face threats from sophisticated organized crime, nation-state, and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to Slack, our internal systems and our partners’ systems, as well as the systems of organizations on Slack and the information that they store and process.”

In the same filing, Slack acknowledged what every InfoSec professional already knows: customers (and employees) are a risk, too.

“Users or organizations on Slack may also disclose or lose control of their API keys, secrets, or passwords, or use the same or similar secrets or passwords on third parties’ systems, which could lead to unauthorized access to their accounts and data within Slack…”

That is an extraordinary disclosure statement. Slack, which has become one of the leading collaboration tools used by teams, makes security one of the critical components of its brand and invests heavily in security.

But it’s also a smart move on Slack’s part to acknowledge that it is a target for sophisticated attacks that may seek to use Slack as a gateway to its customers’ highly prized data. Slack is acknowledging that attacks come from highly advanced, well-resourced, and organized groups.

Even the best security backed by leading practices does not eliminate the threat from determined attackers. By making such a bold statement, Slack ups the ante for all companies that face the same danger to varying degrees.

Ron Samson
