Uber’s security breach should be a lesson for all
What happened?
On September 13, Uber’s system was breached, forcing the company to take its internal communications and engineering systems offline while they investigated the extent of the hack. They discovered that the hacker breached their computer network through an employee’s Slack account, who later used the internal platform to message the company listing the several internal databases the hacker had compromised.
This is not the first time that Uber has been attacked by hackers. In 2014, an intruder gained access to personal information and Uber failed to protect the information of around 100,000 drivers. Two years later, in 2016, Uber suffered a larger breach of information, exposing 57 million drivers and riders’ information to hackers. The hacker demanded $100,000 to delete their copy of the data. Uber’s response to the incident raised alarm, as they acquiesced to the hacker’s demands and concealed the hack for a year.
The current cyber-attack is still an evolving situation and they are investigating the cybersecurity incident while staying in contact with law enforcement. So far it is not clear what the hacker wants out of this incident, aside from comments about higher pay for Uber drivers.
What are the consequences?
With the ongoing investigation, recovering from this could take almost a year, costing the business millions of dollars. According to a study by IBM, the average time for a large company to identify and contain a breach was 277 days and the average total cost is 4.35 million dollars. The longer a company takes to respond to a data breach, could result in federal entities, loss of customer trust, and time lost to the breach instead of business operations.
Small businesses have the advantage of having less downtime after being attacked, however the cost of downtime can include missed opportunities as well as losing customer trust. The average cost of a data breach among small businesses can range from $120,000 to $1.2 million.
Small businesses are the most at risk after an attack as 60% of small businesses go out of business within 6 months of an attack. Small business should not underestimate the importance and likelihood of these threats, since 43% of all attacks target small businesses. Now more than ever, every small business must have critical protections in place to protect their bank accounts, client data, confidential information and reputation from the tsunami of cybercrime.
What can we learn from this?
It’s imperative to have a quick response time and protocol in place when you have identified a data breach, in order to mitigate as much potential damage as possible. No one can control how bad cyber-attacks can become, but the Uber breach teaches us that attacks can be mitigated by robust and layered cybersecurity defenses along with constant staff education to recognize potential sources of danger.
If you feel like you are not sure where to start, contact DDkinfotech for a Risk Assessment to begin identifying your cybersecurity needs.
