Tuesday, November 28, 2017

Uber Breach Reinforces Need to Rethink Enterprise Security Response


As if the exposure of the personal data of more than 57 million customers and drivers were not bad enough, the timing of and response to the recently exposed Uber breach are especially problematic.

Several studies on data breaches indicate that it can take up to nine months to identify and resolve a security incident. This is simply too long, and in the case of Uber, it took more than a year to disclose the massive breach.

It was easy for the hackers: by simply exploiting login credentials from a private GitHub coding site used by Uber software engineers, they obtained access to Amazon Web Services and then discovered information on Uber drivers and guests.

There are several things we as security professionals need to keep in mind in the aftermath of this and other major breaches we have seen in the past.

First, be honest. Everyone will get to know about a data breach sooner or later, and you have an obligation to disclose the breach information to legal entities/authorities.

If we take the Uber case, under GDPR (the EU General Data Protection Regulation), Uber can face penalties of up to 4% of its annual turnover as of 25 May 2018. Think about Uber's turnover; I don't need to mention any numbers here!

https://www.isaca.org/Knowledge-Center/Blog/Lists/Posts/Post.aspx?ID=907

===

by Idham Azhari

