The latest Uber data breach is a result of the common social engineering technique. A NordLayer expert explains how to prevent it and avoid suffering immense costs to business.
Uber Technologies is currently investigating the circumstances of a high-scale data breach that resulted in the company’s engineering and internal communications systems being compromised. A hacker, who claimed to be an “information technology worker,” allegedly contacted an Uber employee and persuaded them to hand over a password to the company’s internal systems – a technique known as social engineering.
Social Engineering and Its Costs
“Social engineering is a main technique used by cybercriminals to gain access to companies,” says Martynas Paškauskas, head of development at NordLayer, Nord Security’s product for business network protection. “It can be truly fatal to a company’s operations and cost an immense amount of money, averaging 4.35M USD per data breach, according to the latest data. Once a hacker persuades an employee to grant access to internal systems, say, pretending to be an ‘IT technician’ who really needs that password to ‘fix something,’ little can be done to stop them. Criminals will go as far as shutting down the entire system, commonly to demand a huge ransom to undo the damage.”
According to research conducted by NordVPN, 84% of internet users have encountered social engineering before, but only 51% can identify it at all, resulting in 36% having fallen victim to it at least once.
Why Social Engineering Happens
“Social engineering is based solely on exploiting normal human weaknesses, like trustfulness,” explains Paškauskas. “And we should not underrate how witty and persuasive modern cybercriminals have become. Remote work and lack of cybersecurity supervision increase risk, too. Yahoo, Facebook, Twitter, LinkedIn, and now Uber have experienced data breaches recently – that means it can happen to any company that doesn’t pay enough attention to who can gain access to internal systems and how. Lack of employee education is another contributing factor.
“That’s why the most advanced and up-to-date solutions for business protection use the zero-trust model, meaning literally: never trust anyone, and always verify who you let inside,” says Paškauskas. “People make mistakes, so it’s important make sure your technology is reliable.”
To protect your company from a social engineering-induced data breach:
- Think about introducing regular training sessions on cybersecurity, commonly used techniques, and their consequences.
- Rely on a modern, zero-trust model-based business security solution to eliminate human factor-related security incidents.
