Cyberattack aftermath leaves Okta with limited disruption
Okta's Q1 Fiscal 2025 Results and Cybersecurity Update
Okta, a leading identity and access management provider, recently reported a quarterly net loss of $40 million on $617 million in revenue for the first quarter of fiscal 2025. This marks a 19% year-over-year increase in revenue.
Despite the financial losses, Okta's CEO and Co-Founder Todd McKinnon remains cautious yet optimistic about the company's performance. He stated that the cyberattack has yet to impact the company's financial performance significantly, but it may take time before the company can fully recover from the incident and regain confidence in its financial guidance.
The breach, which occurred in September 2022, affected about 2.5% of Okta’s corporate customers, allowing hackers access to its internal network. However, it did not breach the Okta service itself or impact Auth0, HIPAA, or FedRAMP customers. Okta has made meaningful progress in elevating the security of its products and internal operations since the attack.
The attack highlighted risks involving third-party service providers and internal network security. Okta responded to the support system breach by slowing product development and making security its top priority. The company ended the first quarter of fiscal 2025 with 19,100 customers, a 6% year-over-year growth, and added 150 net new customer additions during the quarter.
Industry advice emphasized improving threat detection, quicker breach disclosure, and hardening identity and access management systems against social engineering and persistence tactics, which are common threads in attacks on cloud service providers like Okta. Strong recommendations for customers include enabling multi-factor authentication (MFA) across all user accounts, especially using hard security keys, as other MFA methods can be vulnerable to phishing.
Okta is committed to embodying secure-by-design principles across its products and championing best practices. In response to the attack, Okta plans to invest $50 million in a fund to address external cybersecurity challenges over the next five years.
It's worth noting that Okta has not reported a quarterly profit since it went public in April 2017. The company's fiscal 2025 first quarter earnings call was held recently, but potential customer churn or slower growth due to the cyberattack has not yet been observed in Okta's results.
References: 1. Okta Security Advisory: https://www.okta.com/csr/security/security-advisory-okta-support-portal-compromised/ 2. Okta Fiscal 2025 First Quarter Earnings Call: https://investor.okta.com/news-releases/news-release-details/okta-reports-first-quarter-fiscal-2025-results
Despite the financial losses, Okta's CEO, Todd McKinnon, is staying cautiously optimistic about the company's performance, citing that the cyberattack has not significantly impacted their financial performance yet, but recovery may take time. In response to the attack, Okta is investing $50 million in a fund to address external cybersecurity challenges over the next five years, demonstrating their commitment to upholding secure-by-design principles and championing best practices in cybersecurity.
