Uber Hack Update: Did Lack of Employee Security Awareness Open Door to Hackers?

September 22, 2022 | Comments(0) |

The recent Uber hack, where hackers breached into the business-critical system of the ride-hailing and food delivery company, Uber, exposed how vulnerable businesses are to cyber-attacks. The breach compromised Uber’s internal systems and even prohibited employees’ access to internal tools like Slack and G Suite.  

The breach came to notice only when the hacker made their presence known to Uber’s employees through a message on the internal Slack system, which said, “I announce I am a hacker and Uber has suffered a data breach,” the Times reported. 

But the question remains who is responsible for such a security breach in a high-profile company like Uber? 

The 18-years-old sole hacker behind the beach told the Times that he could break in due to Uber’s weak security. The hacker reportedly compromised an employee’s Slack account using social engineering, persuading them to share sensitive data like a password that allowed access to Uber’s systems.  

However, after investigating the attack, the company had a different story to share. Uber blames Lapsus$, a hacking group that earlier targeted the Brazilian Ministry of Health in 2021, compromising millions of COVID-19 vaccination data through a ransomware attack. The attacker supposedly purchased one of Uber’s contractor’s account passwords from the dark web, and as a result, their accounts were compromised, leading to the breach. 

Research suggests that 90% of security breaches take place due to human error. In Uber’s case, there were security lapses that made it easier for the hacker to penetrate the company’s systems. Most of the time, employees of a company are not trained and skilled enough to address such incidents or prevent them. Lack of security awareness training could be blamed for the increasing number of cyber-attacks at organizational levels. 

So, what should companies do to prevent being hacked?  

Well! It’s simple; enterprises should train and upskill employees on security to prepare them for future challenges.  

Cyber Security Skill Development Through Upskilling and Reskilling 

The evolving landscape of cyber-attacks demands organizations to continuously keep developing employee skills. However, their approach to security training is often inadequate. The very belief that having information technology (IT) security personnel on board or sharing the security best practices with employees is enough to prevent cyber threats is wrong. Instead, what they need is a comprehensive cybersecurity training plan in place that can upskill and reskill their employees at regular intervals. 

Security skill training is highly effective in transforming employee attitudes and behavior around critical security practices. A skilled workforce is competent to protect company data from security breaches which can save a lot of money and critical business data. 

Deciding on how and when to upskill or reskill your workforce depends on many factors, such as cyber risk exposure, existing skill set, and more. There are plenty of cybersecurity certifications available in the market that organizations can choose from and based on their requirement; they can get the employees certified on them. For instance, if your business is in the cloud, then you can get your IT security team certified on AZ-500: Microsoft Azure Security Technologies course which teaches candidates how to implement security controls, protect data and applications, and manage identities in a cloud environment for an organization. Other Microsoft security certification courses include:  

  • Exam SC-200: Microsoft Security Operations Analyst 
  • Exam SC-300: Microsoft Identity and Access Administrator 
  • Exam SC-400: Microsoft Information Protection Administrator 
  • Exam SC-900: Microsoft Security, Compliance, and Identity Fundamentals 
  • Exam SC-100: Microsoft Cybersecurity Architect 

Final Thought 

Cybersecurity training is no longer optional and is a priority for organizations. It has become imperative for businesses of all sizes to invest in upskilling and reskilling their employees on cybersecurity to ensure a secure future amidst the ongoing tech disruptions. 

Do you want to build a skilled workforce ready to combat security threats? 

All you need is an authorized security training provider who can cover skills lag within your organization and prepare a team of certified security professionals. 

At CloudThat, we offer customized corporate training programs on the various cloud security certification courses available in the market.  

Reach us to know more! 

 


Leave a Reply