When Uber issued a message saying, ‘We are currently responding to a cybersecurity incident’ it confirmed a New York Times story that a hacker claiming to be 18 years old had gained wide-ranging access to the company’s network.
The details of the attack are still not fully clear – but it’s been reported the hacker gained high-level privileges by compromising the messaging app Slack (and even sent a message to employees saying, ‘I announce I am a hacker and Uber has suffered a data breach.’).
How to respond to a data breach
So how should companies handle this ‘nightmare scenario’, where a hacker has gained high-level access, and the breach is making headlines around the world?
‘Uber has done one thing exactly right,’ says Paul Maxwell, co-founder and director of Stratia Cyber. ‘Companies need to very quickly and very publicly own that there is a cyber incident, lay out everything they know about it, and outline what steps they are taking to combat it – in this case, that they are in touch with American law enforcement. This offers reassurance to customers, investors and stakeholders and helps to minimise reputational damage.’
Education is key
The hacker has shared screenshots showing how he claimed to have gained access – by sending a text message pretending to be from a corporate IT person and using that to gain access to Slack and later to other systems in Uber’s Google and Amazon clouds.
‘The fact that this hacker appears to have gained access to source code using this trick highlights how cybersecurity is a “people thing”,’ says Maxwell. ‘Social engineering attacks like this are increasingly common – and clearly effective. Education about the importance of not sharing passwords should be a basic requirement for any company, in any sector.’
So what could the long-term effects of the attack be? And how should the company respond in the coming days?
‘I would imagine that security teams at Uber are working very hard indeed at present,’ says Maxwell. ‘The company has started to deal with the communications side of the breach, but with the level of access this hacker appears to have gained, it will take considerable work to ensure they are actually gone. The one positive sign is that it’s not clear that this hacker is out to gain anything other than attention.’
Maxwell says that responding rapidly and communicating clearly are key to dealing with such a breach – and ensuring it never happens again.
Maxwell says, ‘The first few days after an attack are critical, and Uber will need to be completely transparent about the extent of this attack to try to minimise the legal, financial and reputational fallout – which can last for years.’
Penetration testing can help companies expose cybersecurity weaknesses before a breach occurs, by using the same techniques cybercriminals use to probe an organisation’s defences.
Risk management offers organisations an overview of their businesses and their systems, highlighting what vulnerabilities exist and how to minimise cyber threats.