Cybersecurity Incident Response: Three Lessons from Uber’s Story

Doug Hudson, Senior Director, Cyber Risk Advisory, Coalfire

The recent news regarding the Uber breach has captured the attention of both the public and legislators. It seems that Uber’s security team discovered a breach, paid a ransom, and didn’t report the matter to company leaders, law enforcement, personnel, or customers.

I’ve never personally worked with Uber, and I’ll leave it to others to evaluate the appropriateness of company’s actions. But as Coalfire's leader for Incident Response Planning Advisory services, I see three key tips for every security practitioner:

  1. Review and test your Computer Security Incident Response Plan (CS-IRP). There are still too many companies that don’t have a CS-IRP or are limping along with an untested plan that they downloaded from the internet.

  2. Examine your policy to make sure it:

    1. Defines key terms like “breach” and “incident”

    2. Provides guidelines for categorizing and prioritization of incidents and events

    3. Names the team that will handle them (which may vary based on classification)

    4. Clarifies the process flow and decision rights among those team members

  3. Ensure that the board of directors and legal counsel have signed-off on the CS-IRP as a matter of company policy.

These three items are gaining in importance, especially now that law-makers are considering legislation that would impose notification requirements. And while it’s hard to anticipate if, how and when those rules will impact you, your boss and your board is now on notice. If they haven’t already, they will likely be asking you for assurances that controls are in place to keep the Uber story from playing out at your company.

Doug Hudson


Doug Hudson — Senior Director, Cyber Risk Advisory, Coalfire

Recent Posts

Post Topics



Accounting Agency AICPA Assessment assessments ASV audit AWS AWS Certified Cloud Practitioner AWS Certs AWS Summit bitcoin Black Hat Black Hat 2017 blockchain Blueborne Breach BSides BSidesLV Burp BYOD California Consumer Privacy Act careers CCPA Chertoff CISO cloud CMMC CoalfireOne Compliance Covid-19 credit cards C-Store Culture Cyber cyber attacks Cyber Engineering cyber incident Cyber Risk cyber threats cyberchrime cyberinsurance cybersecurity danger Dangers Data DDoS DevOps DevSecOps DFARS DFARS 7012 diacap diarmf Digital Forensics DoD DRG DSS e-banking Education encryption engineering ePHI Equifax Europe EU-US Privacy Shield federal FedRAMP financial services FISMA Foglight forensics Gartner Report GDPR Google Cloud NEXT '18 government GRC hack hacker hacking Halloween Health Healthcare heartbleed Higher Education HIMSS HIPAA HITECH HITRUST HITRUST CSF Horror Incident Response interview IoT ISO IT JAB JSON keylogging Kubernetes Vulnerability labs LAN law firms leadership legal legislation merchant mobile NESA News NH-ISAC NIST NIST 800-171 NIST SP 800-171 NotPetya NRF NYCCR O365 OCR of P2PE PA DSS PA-DSS password passwords Payments PCI PCI DSS penetration Penetration Testing pentesting Petya/NotPetya PHI Phishing Phising policy POODLE PowerShell Presidential Executive Order Privacy program Ransomware Retail Risk RSA RSA 2019 Safe Harbor Scanning Scans scary security security. SOC SOC 2 social social engineering Spectre Splunk Spooky Spraying Attack SSAE State Stories Story test Testing theft Virtualization Visa vulnerability Vulnerability management web Wifi women XSS