Nov 22, 2017

Uber’s recent security breach: leadership done right

Uber leadership

Uber’s new CEO, Dara Khosrowshahi, is showing strong leadership and transparency by addressing the company’s security breach head-on — and he deserves to be commended for it.

The temptation to remain silent, to downplay breaches, or to delay making an announcement is incredibly strong. We’ve seen this in any number of recent incidents including Yahoo! and Equifax, in older cases like the Target and Neiman Marcus hacks, and in Uber’s original handling of this incident in 2016.

But a lack of transparency only helps the perpetrators. By remaining silent, companies forsake the benefits of information sharing (about methods of attack and potential solutions), and they miss a valuable opportunity to raise overall awareness about cybersecurity threats. You can’t fix what you don’t know, and by remaining mum, we create an asymmetrical dynamic: Criminals share information in the dark web and improve their tradecraft, while “the good guys” remain in self-imposed isolation, each trying to address the problems on their own.

To those thinking, “My shareholders are going to have my head if I admit to a breach,” I postulate the following: Statistically, every large company has been breached. (Just check out this visualization of the biggest breachesfor a staggering reality check — and those are just the ones we know about!) As former FBI director James Comey once said, there are two kinds of big companies: Those who know they’ve been hacked and those who don’t know they’ve been hacked. By coming out and being transparent, the good guys can learn, share solutions, and — importantly — give other victims a chance to take whatever remedial actions they can. The adage of “the first step to getting better is to admit you have a problem” is highly relevant here.

In Uber’s case, the company is now absolutely taking the right steps to tell their customers what has been happening and how they are fixing the issues. Mr. Khosrowshahi is showing real leadership by disclosing what happened and taking strong corrective actions.

Top photo credit: World Travel & Tourism Council/Flickr

Subscribe to our newsletter