Different distributions use different defaults. Debian by default asks for a root password during installation. As a result, su works by default. However, Debian does not automatically set up /etc/sudoers during installation, which means sudo cannot elevate to root level by default.
Ubuntu, on the other hand, sets up sudo by default during installation. The root account does not have a password, by default. As a result, su does not work, by default.
In an environment where physical access to the console is restricted, the su method is more convenient (no sudo prefix for commands). However, sudo is more secure in an environment where a machine has little physical access restriction.
Note that even if sudo is used, the account(s) that can elevate to root level must have strong passwords or other secure authentication methods. Otherwise, a hacker can first hack into a user’s account, then use the same (weak) password to sudo.