2 Cybersecurity Lessons From Uber’s Data Breach—Plus How Technikel Can Help
In 2022, Uber recently faced every company’s worst nightmare: a teenage hacker gained total control of their systems. Once compromised, employees were taunted on the company Slack channel and executives watched in real-time as sensitive financial data was distributed online.
Uber’s hack was a wakeup call for companies to examine their cybersecurity.
People are fooled easier than systems
Human error makes secure systems vulnerable. Hackers fool employees into handing over passwords and other credentials by exploiting human behavior via social engineering. That’s how Uber was breached. The teen sent repeated push notifications to their target, tricked the victim into accepting, then contacted them on WhatsApp pretending to be IT staff asking for an employee password.
This vulnerability underscores the importance of proper tech training for employees and contractors. Your systems are only as secure as your least trained person—which is why we spend time on-site and train your staff on security. Your staff knows who we are and how we can help. They know we’d never approach them asking for passwords like the teen who hacked Uber.
Two-factor isn’t secure enough
Ineffective security measures can actually attract hackers. This was the case with Uber, as the hacker cited the lack of cybersecurity as a motivating factor in the attack. Another reason companies should invest in their tech stack and security. As alluring as weak cybersecurity is to bad actors, hackers tend not to attack secure corporate systems directly.
A common cybersecurity misconception is that two-factor authentication can sufficiently protect internal systems. The Uber hack illuminated just how easy this access control measure can be bypassed by exploiting human behavior. They succeed in targeting staff members because secure systems require more effort to breach.
Technikel can help
We understand access control is a major point of vulnerability for many businesses, which is why that’s included in our managed service offerings.
The best way to protect your company from cyber attacks is to have a comprehensive tech strategy that includes infrastructure, software, and staff training. We can strengthen your current processes and provide overall “air cover” as your IT department.
Contact us today for a free security assessment.