Uber has urged other startups and disruptive companies to follow its lead in embedding security into operations from the outset.
Samantha Davison, security awareness and education programme manager at Uber, said during a panel discussion at Infosecurity Europe in London that the firm embraced a cyber security awareness culture at a very early stage.
"Attackers and hackers aren’t going to wait for a company to become established before they go after your information, your data, your people. So it’s important to build security in from the get-go," she said.
"Working with the security team to build our large security programme gives [us] the opportunity to bake security into our culture. We’re making security part of our DNA."
This is easier said than done, and Uber had to build a security programme around the needs of its employees and users rather than relying on the company’s cyber security experts.
As such, Uber has focused on a few selected areas, rather than trying to educate employees and customers on every aspect of security and potential attack vectors. For example, one area of focus is how to avoid becoming a victim of phishing attacks, which Davison believes is a way to improve security awareness.
This is a real threat, as the CEO of an Austrian airline parts manufacturer found out recently when he lost his job after approving a payment of £40m that came from a phishing email.
This is pertinent because security awareness isn’t taught very well at the moment, according to the panel, which also consisted of experts from University College London and the UK transport sector.
Things like SSL warnings and other blanket cyber security messages go largely ignored, and the panel agreed that a new approach is necessary, like finding ways to engage the attention of people in a more effective and bite-sized way, rather than dictating dull security policies.
Davison explained that Uber tests the effectiveness of the company's cyber security awareness programmes by simulating phishing attacks to see whether people are still caught out by scams after an awareness course.
This may sound sneaky, but Uber appears to be fairly secure compared with digital services like LinkedIn.
Security awareness may not be the best way to stop people falling foul of cyber attacks, but it still appears necessary given the insecure passwords people use with online services.