Uber’s failure to report a huge data breach in 2016 has, ironically, focused much more attention on the incident than it might probably otherwise have received.
A hacker accessed and downloaded a database held during a private Github account containing personally identifying information related to around 57 million Uber users and drivers, including around 600,000 drivers’ license numbers.
However, instead of disclosing the breach, the corporate paid the hacker $100,000 through its bug bounty program to delete the info and stay quiet.
In 2017, Uber paid $148 million to settle the investigation.
However, the saga didn’t end there, and therefore the US Department of Justice has now charged Uber’s former chief security officer, Joseph Sullivan, with obstruction of justice.
Risky business
The breach has highlighted a number of the issues that enormous gig economy companies face.
In the case of Uber, says Paul Bischoff, privacy advocate at consumer website Comparitech.com, “Although Uber takes some precautions like driver’s license scans and background checks, drivers can still share their vehicles and accounts. Uber’s non-driver employees never physically meet or interact with the overwhelming majority of drivers.”
The sharing economy is growing rapidly, with the US sector alone projected to succeed in $455.2 billion by 2023, employing around 57 million people. In many cases, workers are accessing networks from personal devices that lack standard enterprise-level security.
“The sort of devices employed by independent contractors can create a management nightmare,” says Morgan Wright, chief security advisor at endpoint security software firm SentinelOne.
“The user and eventual customer must believe the safety of the platform, the billing system and a number of other services that are outside their control.”
According to research from security software firm CyberArk, 90% of organisations allow third party vendors access to their critical systems, and 72% put third party access in their top ten security risks.
“As is clear , the matter is widespread, and therefore the risk is broadly understood. However, it's not being acted upon,” says David Higgins, EMEA technical director at CyberArk.
“The majority of organisations use approaches that are just not optimised for efficiency, and don’t consistently apply corporate security policies across on-premises and cloud resources. Any solution for third party privileged access must have basic security best practices that mirror established policies for internal workers.”
Multiple solutions required
Dave Waterson, CEO at security software company SentryBay warns that multiple solutions will almost certainly be needed.
“If standard anti-virus and endpoint detection and response are already in situ , subsequent protections supported containerisation, anti-keylogging and anti-screen scraping should be implemented as standard, and that they must be complementary and compatible,” he says.
As the worldwide coronavirus epidemic continues, gig working is on the increase .
Retailers large and little , for instance , are taking over huge numbers of delivery drivers, couriers and warehouse workers.
For those finding themselves getting into the gig economy, says Sam Curry, chief security officer at security firm Cybereason, “Start with what you permit remote today, confirm you recognize the threat landscape and your business and talk, role-by-role, about what are often wiped out the short-term gig economy and what can’t; and involve security, HR and legal early and sometimes because the gig worker environment evolves.”
0 Comments
waseemabbas121a@gmail.com