As the dust settles around Uber’s recent data breach, the internet will likely begin to point fingers at those who they deem responsible for the attack, which allegedly occurred through a social engineering scam targeting Uber employees’ credentials. But playing the blame game — whether it’s directed at specific Uber security controls, employees or even the company itself — is pointless in an industry where time would be better spent learning lessons, applying mitigations, and sharing for awareness rather than spewing ‘shoulda woulda coulda’ criticisms.

Read full article on Security Magazine