Cyberattacks are a threat to businesses of all sizes today — even the world’s most tech-savvy companies can land in hot water when their security protections leave them vulnerable to data breaches. But without the right compliance tools, the real boiling point of a cyberattack may not be the breach itself, but how your company responds to it.
Case in point: Uber. The scandal-ridden ride-sharing company fell victim to a large-scale cyberattack in October 2016, with hackers hijacking the personal data of 57 million Uber customers and drivers.
But after discovering the breach, Uber failed to report the attack to regulators as required by law. Instead, Uber paid off the perpetrators with $100,000 ransom to destroy the data and keep the incident under wraps.
The company didn’t disclose the breach and payoff to regulators for more than a year.
Uber’s discovery, then delay
As if that wasn’t bad enough, the company ‘s leadership clearly knew about the incident well in advance of (finally) reporting it in November 2017. According to reports, Uber’s CEO Dara Khosrowshahi knew of the breach for more than two months prior to disclosing it, and the company informed a potential investor about the attack before telling regulators or affected customers.
Uber fired Chief Security Officer Joe Sullivan following the November disclosure — but by then, the company was already under investigation for a separate round of privacy violations. And while Uber has never revealed exactly when Khosrowshahi first learned of the breach, the truth is that he should have, and could have, learned about it almost instantly – before a payoff ever took place – had Uber been utilizing the right compliance solutions.
Detect risks before they’re liabilities
For large companies like Uber, malfeasance can be hard for compliance teams to detect using traditional approaches such as investigations or audits. Given the massive volume of customer data — and the scale of internal communications circling through the business engine — it takes a robust solution to pinpoint potential infractions.
For instance, eCommunications monitoring services offer compliance teams an extra layer of protection from costly risks and liabilites. By working with a trusted partner to monitor email and other server-based communications for suspicious activity — across one or more areas of concern — companies get actionable, near-real-time insights into high-risk issues as they happen, rather than months after the fact.
And by using the right technology and services, companies won’t risk jeopardizing employee trust in the process. Conduent’s eCommunications Monitoring and Audit Solutions flags only phrases and concepts that indicate increased risk of a compliance infraction — rather than simply “reading” all internal communications.
What Uber’s bad behavior makes clear is that the stakes for businesses — from legal costs to incalculable reputational damage — could not possibly be higher. And in today’s fast-moving, digitally connected economy, keeping your company out of hot water is guaranteed to protect your bottom line.