Sullivan was arrested and charged with two felonies: obstruction of justice and misprision. During his tenure as Chief Security Officer (CSO) at Uber (April 2015–November 2017), the firm suffered a data breach in which over 50 million customers and drivers’ personal information was compromised. In an effort at extortion, hackers demanded six figures from Uber. In return, Uber paid the hackers $100,000 via its HackerOne bug bounty program and instructed them to delete the stolen information to conceal the incident.
Even though the event happened in the autumn of 2016, it wasn’t made public until after Uber’s new CEO, Dara Khosrowshahi, had been in office for over a year. U.S. regulators were unhappy with how the hack was handled, and Sullivan was dismissed. At the time, the FTC was looking into a different, minor cybersecurity problem that the ride-sharing company had in 2014.
How Could Sullivan Have Avoided Data Breach in Uber?
Hiring managed security service providers (MSSPs) can help to avoid security breach problems. Emerging technological developments in today’s digitalized world make it imperative for businesses of all sizes to secure their most precious data and assets against infiltration and breach.
Most organizations lack the means to respond quickly enough to new security threats, like Uber’s data breach. This is when an MSSP comes in handy. MSSPs offer their services locally or remotely, most frequently using cloud computing. They provide comprehensive security solutions, from initial infrastructure setup to ongoing security monitoring and incident response. While some MSSPs offer partial outsourcing of an organization’s information security program, others provide comprehensive services across the board.
Access to security professionals and additional personnel is the key perk of managed security services. By ensuring that corporate IT is constantly informed about security concerns, audits, and maintenance status, MSSPs free up the employing organization to concentrate on security governance rather than administrative duties. Despite a growing understanding of the necessity of preventative security measures, many businesses continue to delay putting sensible security measures into place until they have suffered a loss due to a data breach.
Managed security service companies are a wise choice since they provide constant supervision, 365 days per year and 24 hours per day. Without the right security tools and resources, it may be a significant drain on resources to keep up with constantly shifting threats, deal with them as they appear, and recover from incidents discovered too late.