In September of 2022, the world-class transportation company Uber was a victim of a social engineering attack that resulted in a huge data breach of sensitive information. According to The Washington Post, the hacker also obtained the Amazon Web Services credentials (AWS) along with the app’s source code and is planning to release it soon.
This is not the first time Uber has been a victim of a cyberattack. In 2016 the organization suffered another data breach that exposed the information of 57 million
users around the world including names, addresses, and phone numbers in addition to the driver’s license numbers of 60,000 drivers.
What Can We Learn From This Security Breach?
Company Size Does Not Matter
Even though Uber is a technological giant and has the resources to develop world-class security plans and measures this does not exempt them and other big companies from cyberattacks. To have an effective cybersecurity program companies must consider multiple aspects. One of the most important in both big and smaller companies is the human element.
Security and the Human Element
According to Verizon’s 2022 data breach report, 82% of data breaches last year involved some type of human element to be successful. Hackers are no longer relying on technology to attack big and small companies. That’s why implementing good security awareness training and constantly educating your employees is so important to keep your organization safe.
The Importance of Security Awareness Training
Although details are still emerging as Uber and law enforcement investigate, it seems that the hackers were posing as Uber IT employees to gain access by sending Uber employees an MFA authentication request. Having the best security measures in the market won’t cut it if your associates and employees are not educated and prepared to deal with cyberattacks. Training employees at all levels should be a top priority for companies that wish to maintain high-security measures.
As we saw earlier, all members of a business, even CEOs and managers, can be a victim of social engineering. That’s why it is crucial that everyone in the company is educated on cybersecurity and should take part in a security awareness training program.