Network Security

A Different Kind Of Disclosure: IPO Slack Makes An Honest Confession About Cyber Risks

Public and would-be public companies are required to list the risks they face so investors are fully informed about what could happen to their money. Pre-IPO companies in particular offer lengthy recitations of what could go wrong that are usually restricted to things like “failing to attract customers” or “fluctuations in foreign currency exchange rates.”

Slack Pro-IPO Disclosure

Companies about to join the adult table may also list “government regulations” or “litigation” as threats to financial health, but it’s highly unusual to see companies list cybersecurity risks as something that could impact investors. In fact Slack may be the first to be so detailed in their April pre-IPO disclosure:

A security incident may allow unauthorized access to our systems, networks, or data or the data of organizations on Slack, harm our reputation, create additional liability, and harm our financial results.”

That’s just the headline of one enumerated risk. It gets more interesting as you read the details:

“…we also face threats from sophisticated organized crime, nation-state, and nation-state supported actors who engage in attacks (including advanced persistent threat intrusions) that add to the risks to Slack, our internal systems and our partners’ systems, as well as the systems of organizations on Slack and the information that they store and process.”

In the same filing, Slack acknowledged what every InfoSec professional already knows: customers (and employees) are a risk, too.

“Users or organizations on Slack may also disclose or lose control of their API keys, secrets, or passwords, or use the same or similar secrets or passwords on third parties’ systems, which could lead to unauthorized access to their accounts and data within Slack…” 

That is an extraordinary disclosure statement. Slack, which has become one of the leading collaboration tools used by teams, makes security one of the critical components of its brand and invests heavily in security.

But, it’s also a smart move on Slack’s part to acknowledge that they are a target for sophisticated attacks which may seek to use Slack as a gateway to their highly prized customer’s data. Slack is acknowledging that attacks come from highly advanced, well resourced, and organized groups.

Even the best security backed by leading practices does not eliminate the threat from determined attackers. For Slack to make such a bold statement, it ups the ante for all companies that face the same danger to varying degrees.

Ron Samson

Recent Posts

Top Benefits of Working with SOC as a Service Provider

In the ever-evolving realm of cybersecurity, organizations face a constant battle to protect their digital…

3 weeks ago

SOC Risk Management: Best Practices for Effective Threat Mitigation

Effective threat mitigation is a cornerstone of modern cybersecurity, and SOC risk management plays a…

3 weeks ago

SOC Report Audit: Key Steps to Ensure Accurate Results

Organizations today face increasing scrutiny over how they manage and protect sensitive data. The SOC…

4 weeks ago

NDR vs EDR: Addressing Different Layers of Security Effectively

As cyber threats become more sophisticated, organizations must deploy comprehensive security strategies to protect their…

1 month ago

Why Proper EDR Installation is Critical for Endpoint Protection

As cybersecurity threats continue to grow in complexity, organizations must ensure robust endpoint protection to…

1 month ago

The Role of Managed EDR in Protecting Remote Workforces

The shift to remote work has redefined the cybersecurity landscape. Organizations must now secure endpoints…

1 month ago