Okta Breach Widens to Affect 100% of Customer Base

November 30, 2023 at 05:56PM

Okta revised the stated impact of its September hack from less than 1% of customers to all customers, revealing the potential for heightened phishing risks due to leaked user data. Despite this, Okta reported a 20% revenue increase and remains optimistic about its identity platforms. However, some are observing a market shift away from Okta due to security concerns.

**Meeting Takeaways: Okta Security Incident and Business Update**

1. **Incident Update**:
– After further analysis of a September breach, Okta has revised the number of impacted customers from less than 1% to 100%.
– The unauthorized access on September 28 led to a data leak that included company names, contact info, usernames, roles, and various other data.
– The leaked information could enable social engineering and phishing attacks, similar to previous breaches affecting MGM Resorts and Caesars Entertainment.

2. **Okta’s Advisory**:
– All Okta customers have been warned about the increased risk of phishing and social engineering scams.
– Okta recommends that all its customers enable multifactor authentication (MFA), with 94% of customers already doing so, and consider phishing-resistant authenticators.

3. **No Evidence of Active Exploitation**:
– So far, there is no evidence of the compromised data being actively used by malicious parties.
– However, cybersecurity best practices, such as user training, are advised.

4. **Cybersecurity Recommendations**:
– Viakoo CEO Bud Broomhead suggests focusing on best practices like enabling MFA for the remaining 6% of Okta customers without it.
– Additional recommendations include setting session timeouts and reauthentication requirements for sessions from new IP addresses.

5. **Financial Update**:
– Despite the attacks, Okta reported a 20%+ increase in revenue for the quarter ending October 31.
– Record non-GAAP operating profit and record free cash flow were significant highlights of Q3.
– Okta is bullish on the adoption of its Okta Identity Governance and Okta Privileged Access solutions, with 18,800 organizations trusting the platform.
– Okta’s stock price declined following the data leak news, but the investor fallout appears to be minimal.

6. **Market Perception and Brand Impact**:
– When evaluating brand damage, consider the time lag before cyber incidents affect sales revenue.
– There is some indication of a market shift away from Okta to other SSO platforms due to security concerns, given Okta’s recent history and the need to rebuild trust in security.

7. **Okta’s Response**:
– Okta has not provided an immediate comment regarding this incident.

**Action Items**:
– **Okta Customers**: Review and strengthen cybersecurity practices, enable MFA, and consider phishing-resistant authenticators.
– **Okta Management**: Address and communicate measures being taken to bolster security; be transparent with customers and stakeholders.
– **Monitoring**: Keep track of the situation for signs of exploited data and adjust strategies accordingly.
– **Investor Relations**: Prepare communication to address concerns from the financial perspective, emphasizing growth despite the breach.