1
Cyber Security in Organizations
Course Name
Name
University
Address
Date
� 2
Cyber Security in Organizations
The world has gone digital, and the organizations have to go along to maintain a
competitive edge in their industry (Susan & Novianti, 2019). This means constantly evolving to
align with the opportunities brought about by technology. Technology in businesses makes them
more efficient and economical and even adds security to a business (Susan & Novianti, 2019).
However, this advantage has its limitations. Automated internal processes, communications
between the organizations and the clients, and the use of the cloud have exposed the
organizations to cyber-attacks. The USA was the most attacked country in 2018, leading to an
88.78 bn USD in information technology (Johnson, 2021). This paper reviews the cyber security
provisions in the USA and in Uber, the risks they are exposed to, their impact on them, and the
legislation used to maintain order.
Uber is an app platform founded in 2009 in the USA that connects riders with cab drivers
willing to serve them. Ergo, uber relies heavily on information technology across diverse parts
of its operations. Their efficiency depends on technology, giving them a competitive edge
compared to taxis. This ranges from services like processing payments, linking the cab drivers
and the passengers, communication in the organization, and communication between their
service providers, i.e., apple and google. Uber is a popular platform and has vast amounts of
data from its employees, customers, and Uber drivers.
The USA lacks a federal law governing data protection for its citizens, but some states
have developed them. Since uber operates across all the states in the USA and the international
market, several cyber security laws apply to them. These include; the US Code chapter 98,
which requires all public companies such as uber currently to provide accurate financial
statements; SEC CFR part 248, subpart A, which requires them to have appropriate cyber
� 3
security measures; 18 U.S. Code Chapter 119 and 18 U.S Code Chapter 121 which forbids the
use of communication without authorization; the consumer privacy protection act of 2017 which
ensures privacy and protection of sensitive personal information of consumers and lastly the
GDPR which protects personal information and data security of EU citizens and residents from
organizations regardless of where their operations are based. In addition, there are provisions
like protecting personal data's privacy and transborder flows (1980 and 2013). Uber is also
ethically obligated to maintain accuracy when collecting data, not storing it longer than
necessary, and protecting their users' sensitive data.
According to Uber’s ESG report (2021), Uber has measures in place to govern data
privacy and security, which is the target of cybercrimes for Uber. These measures include a
collection of only the necessary data, maintaining the transparency of their data practices, giving
the users the choice of the data they want to share, and safeguarding the data collected.
According to Uber’s report, their information security program is based on ISO 27001/2 across
all platforms to maintain standards, security, and confidentiality.
Specialists should investigate cybercrime cases because the evidence is volatile and can
be easily lost. Digital forensic applications should be employed to gather as much evidence as
possible. Per the provisions of Cybercrime module 4, the steps followed during such an
investigation are identification, collection of the evidence from physical or digital, acquisition of
the evidence, and preservation. Cybercrime has diverse impacts on the victim organization.
This can occur regarding the direct cost of replacing the compromised hard drives and software,
paying the ransoms, and fines and compensations. Uber was fined $148m for the security breach
they incurred and $100,000 in ransom for stolen information (Guardian, 2018). In addition to
direct costs to the organizations, there is damage to reputation, which reflects the financials of
� 4
the said organizations (Paoli et al., 2018). This is a result of a loss of integrity. When there is a
breach in cyber security, the operations are halted, and, in some cases, there is a loss of valuable
data for the company (Paoli et al., 2018). Some of the appropriate measures that should be in
place to prevent this occurrence are educating staff on the organization’s security measures and
protocols, which can avoid breaches through phishing and restricted employee data access.
Employees should have access to the data necessary to perform their roles; they also need to
protect the physical devices that have access to the organization’s platforms (Irwin, 2021).
Finally, security programs installed should be in accordance with ISO 27001/2.
For better services, Uber needs to share information with its users, both the drivers and
the customers. There are measures in place governing the information-sharing process. First,
uber shares information with its users upon their request. This might be sharing with friends an
ETA, sharing with third parties, i.e., for services and emergency services. In addition, the data
can be shared with the account owner when a person uses their account to request services. This
process is guided by the privacy principles built into its services. The data is put into ethical use.
Cyber laws are designed to deal with the legal issues of internet use. The Federal Computer
Fraud Act (CFAA) is the statutory mechanism used to prosecute cybercrimes in the USA. This
accounts for both criminal offenses and penalties. It is designed to prevent unauthorized access,
which includes exceeding the access provided, accessing a protected computer with the intent to
harm, damaging data from a computer intentionally or as a result of reckless behavior, passing
threats, extortion, and trafficking passwords. It extends to Electronic Communications
Protection Act (ECPA) which protects stored or communication in transit. Hacking has a
penalty of up to ten years in prison, similar to denial of services and planting of malware.
Phishing is punished with a sentence of up to twenty years. Other crimes that are covered
� 5
include stealing an identity. Possession of hardware or software used to perpetrate crime,
electronic theft, and any other activity adversely affects the security, confidentiality, or integrity
of information technology systems and data.
In conclusion, while there is an increase in the need to evolve with technology, there is
also a need to review the security of the information technology of the system. Firms like uber
have been victims of cybercrime and have gotten punished two-fold for the mistake. Cyber laws
cover every crime base, but it is up to the organization to ensure they do not fall victims to
cybercrimes. This is because its impact is more significant than just the direct costs incurred.
� 6
References
18 U.S. Code § 1030 - Fraud and related activity in connection with computers. (n.d.). LII /
Legal Information Institute. https://www.law.cornell.edu/uscode/text/18/1030
Irwin, L. (2021, December 2). 5 ways your organisation can suffer a data breach. Vigilant
Software - Compliance Software Blog.
https://www.vigilantsoftware.co.uk/blog/understanding-the-7-different-types-of-data-
breaches
Johnson, J. (2021, April 29). U.S. government and cyber crime - Statistics & Facts. Statista.
https://www.statista.com/topics/3387/us-government-and-cyber-crime/
#dossierKeyfigures
Paoli, L., Visschers, J., & Verstraete, C. (2018). The impact of cybercrime on businesses: a novel
conceptual framework and its application to Belgium. Crime, Law and Social Change,
70(4), 397–420. https://doi.org/10.1007/s10611-018-9774-y
Reporter, G. S. (2018, September 26). Uber fined $148m for failing to notify drivers they had
been hacked. The Guardian. https://www.theguardian.com/technology/2018/sep/26/uber-
hack-fine-driver-data-breach#:%7E:text=Uber%20fined%20%24148m%20for%20failing
%20to%20notify%20drivers%20they%20had%20been%20hacked,-This%20article
%20is&text=Uber%20will%20pay%20%24148m,a%20settlement%20announced%20on
%20Wednesday.
Susan, A., & Novianti, W. (2019). Benefits of Technology for Business. IOP Conference Series:
Materials Science and Engineering, 662(3), 032036.
https://doi.org/10.1088/1757-899x/662/3/032036
