Complacent attitude towards a data breach

Data breaches are the cost of doing business.

 

At least this is the complacent attitude often taken by many in the business world today.

While it is true that cybercrime and the risk of data loss aren’t going away within the near future, many users fail to realize the level of prevention they have in their power.

This fact was highlighted yet again in the most recent mega breach to hit the news.

 

500 million guests

Late last month, Starwood Resorts, a subsidiary of Marriott Hotels, the largest hotelier in the world, reported on a years-long data breach that had hit company databases.

According to reports, as many as 500 million guests may have had their personal information compromised in an exposure that lasted four years. Details on how the hack was executed are as of now still unknown.

The effects of the data breach

The effects of the report were immediate.   Marriott stock fell more than 5.5 percent by the end of the day the announcement came, closing at $115.03.   Hours after the breach was made known, two Oregon men filed suit against Marriott for exposing their data. Only hours after the first claim, a second lawsuit was issued by a group from Maryland. While no amount for damages was specified in the second lawsuit, the pair from Oregon is seeking $12.5 billion in reparations.

Marriott's breach also caught  the attention of US  legislators and regulators and the EU GDPR officials.   The attention from policymakers on the Marriott breach was for two reasons.

First is the sheer size of the hack.  If reported numbers are anywhere near accurate, the recently discovered breach would be among the largest ever in history.

Second is the nature of data compromised.   While other hacks have been larger in quantity (the 2013 Yahoo breach, which affected as many as 3 billion accounts, remains still the largest on record) the breach of hotel guest lists is unique.   Highly sensitive details, from phone numbers, to addresses, to credit card numbers, are included in such a database.   It's been speculated that Marriott indicated that it may have stored the private keys needed to decrypt payment card information alongside the card details themselves in an unencrypted format—which, if true, constitutes a major lapse in accepted key management procedures.

Déjà Vu

For those following trends in the IT industry, the Marriott breach was eerily familiar.  The enormous hack was in many respects the 2017 Equifax breach all over again.

As in the Marriott hack,  huge volumes of highly sensitive financial data were  compromised when Equifax--a credit reporting agency--had its systems hacked by cybercriminals.   Also similar to Marriott, following the Equifax incident, legislators jumped on company executives with claims of data security negligence.  The criticism of Equifax’s security protocols was highlighted again recently in a congressional report on the incident published by the House Committee on Oversight. In the report, lawmakers remind the public that Equifax was knowingly operating with a flawed framework for developing Java EE web applications—the vulnerability that allowed the breach to occur.

The take away

The take away from both the Marriott breach and the recent House report isn’t just that companies should fear governmental retribution for negligence. Rather that there are in fact basic steps enterprises can (and should) be taking that will insure a high level of security for their networks.

GTB’s Data Protection that Works solutions give companies the edge on managing their data security. Powered by smart, intelligent algorithms GTB’s software monitors sensitive data, accurately, in order to help identify malicious activity and protect data. With its automated DLP protocols, GTB constantly assesses traffic and indicates possible breach related activity before it can succeed in the exfiltration of data.

GTB puts the power back in the hands of administrators to accurately and efficiently identify attacks against their networks.

 

 

Comments are closed.