Industry Leaders And Cybersecurity Experts Insight On Marriott International Data Breach

The Marriott International hotel chain has fallen victim to its second major data breach in as many years, after information of 5.2 million guests was accessed using the login credentials of two employees at a franchise property.

Compromised information may involve contact details, including postal and email addresses and phone numbers; information relating to customer loyalty accounts, but not passwords; personal details such as employers, gender and birth dates; partnerships and affiliations, such as details of linked airline loyalty programs; and guest preferences, such as room preferences and languages.

Experts Comments

April 02, 2020
Becky Nicholson
Data Privacy Consultant
Bridewell Consulting
With the sheer volume of data breaches in recent times, we’re at risk of becoming numb to the danger these attacks pose. All organisations, including Marriott International, must take steps to protect their systems and ultimately customer data. This means taking basic steps such as putting in place regular security assessments, a strong patching and password policy, and enforcement of multi-factor authentication on every public-facing system. These are not silver bullets but can go a long way to improving security. Technical defence is still paramount, and in particular, regular penetration testing is vital. But it is also just as important to test employee awareness. Employees will always be the weakest link but with the right education can be an organisation’s biggest asset in terms of defence. Such employee awareness training can also be measured by regular phishing or red team assessments.
April 03, 2020
Tim Sadler
CEO
Tessian
Marriott customers should now be alert to the fact that they could receive targeted phishing scams from hackers impersonating the hotel group, leveraging the information they have stolen to steal payment details or account passwords. If you receive a suspicious email that asks you to carry out an urgent action, do not comply with the request, click the link or download any attachments. Contact the hotel directly to verify whether the request is legitimate.
April 02, 2020
Chris DeRamus
VP of Technology Cloud Security Practice
Rapid7
Hotels collect personally identifiable information (PII) and other highly sensitive data on their guests. As such, hospitality organizations are an attractive target for cybercriminals. This is Marriott’s second major breach reported in recent years, and this time, the breach appears to have occurred due to compromised employee credentials. While this breach didn’t affect nearly as many hotel guests as the incident back in 2018, the exposed information includes guests’ contact details, employer, gender, birthday, as well as Marriott loyalty program account information and airline loyalty program information, which is more than enough for bad actors to leverage and launch extremely tailored phishing attacks aimed at the impacted guests. To protect customer data, enterprises must adopt least privilege access across cloud environments, including a robust approach to identity and access management (IAM). In these environments, everything has an identity – users, applications, services, and systems. Organizations must implement multi-factor authentication (MFA) for all users, securely manage service accounts and their corresponding keys, enforce least privileged access, and enforce best practices for the use of audit logs and cloud logging roles.
April 02, 2020
Andrew Hollister
Director
LogRhythm
A global company like Marriott, which collects massive amounts of personal information about its guests, will always be an attractive target for bad actors. Whilst this is the second data breach Marriott has reported in the last two years, there are some positives to draw from the statement released today. In the previous incident in 2018, Marriott detected signs of unauthorized activity going back four years. In this new case, the activity appears to have begun in January 2020 and been detected during the course of February 2020. This is a significant improvement in time to detect and respond to a data breach. Whilst a significant number of records has been breached, the reduced time to detect has no doubt contributed to the number being substantially lower than on the previous occasion. This latest data breach just goes to show that continuing vigilance is required to keep reducing the time to detect and respond to threats, and that real reductions in impact can be made with focus on this issue which affects every company on the globe which holds personal information.
April 01, 2020
Rahul Kashyap
President and CEO
Awake Security
The Marriott breach is an example of how every attack these days is an insider attack in some way, whether the insider is acting maliciously themselves, or has had their credentials stolen. Most organizations lose the battle against insider attacks when it comes to the time it takes them to discover the threat since the actions often blend in with normal day-to-day activities. To Marriott’s credit, it appears an excessive amount of access by two individuals within its organization stood out as a red flag. For others looking to learn from their example, however, spotting this type of outlier activity is likely becoming more difficult as work habits shift due to the Covid-19 pandemic.
April 01, 2020
Ameesh Divatia
Co-Founder & CEO
Baffle
While it may come as no surprise that breaches continue to happen, the fact that the same organization is sustaining repeated breaches is strong evidence that the modern-day data access channel remains unprotected. Today’s threat model requires organizations to protect information in a data-centric manner, and by and large, many organizations are simply not protecting data in that manner.
April 01, 2020
Ameet Naik
Security Evangelist
PerimeterX
Account takeover (ATO) attacks are a major threat to any business. It is much simpler and more lucrative to walk in through the front door with valid stolen credentials than to look for holes in an organization's cybersecurity defenses. With the vast volume of stolen credentials out there, hackers launch credential stuffing attacks using automated bots. Eventually they find a username and password that works that will let them buy goods for resale, drain loyalty accounts of points or steal personal information. The data stolen from this breach will invariably make it to the dark web and further fuel this cycle of ATO attacks. In the past month we have seen a significant increase in the percentage of ATO traffic to travel and hospitality sites, surging to as high as 80% of all login attempts. This shows that while travelers are staying home, the hackers are still out and about. For enterprises, it is extremely important to use multi-factor authentication for admin accounts, and use bot management solutions to limit automated attacks. For consumers, it is best to use different passwords on every site and to lock down their credit reports.
April 01, 2020
Chris Morales
Head of Security Analytics
Vectra
Vectra research shows that privileged access from unknown hosts occurs inside every industry, leading to unintended exposure of critical systems. Yet these privileged accounts rarely receive direct oversight or technical control of how they are used, even when privileged access management tools are in place. It is this lack of oversight or understanding of how privileged accounts are being used that creates the operational and financial risk for organizations. If used improperly, privileged accounts have the power to cause much damage, including data theft, espionage, sabotage, or ransom.
April 01, 2020
Charlie Wedin
Partner
Osborne Clarke
This will be unwelcome news for Marriott, particularly coming so quickly after the Information Commissioner's Office's announcement, in July 2019, of its intention to fine Marriott the record-breaking sum of £99 million under GDPR for a previous security incident. In light of this recent history, if this latest incident stems from weak security measures (whether technical or organisational), we can expect regulators and the public to be particularly unsympathetic.
April 01, 2020
Gerrit Lansing
Field CTO
STEALTHbits Technologies
The kinds of information disclosed in the latest Marriott breach might seem innocuous, but it is precisely this kind of intelligence that enables threat actors to better target attacks on consumers. Simply: the more I know about you, the better chance I have of fooling you. Compromised credentials remain one of the top vectors for this kind of compromise, and strong authentication before accessing sensitive information one of the best defenses.
April 01, 2020
Sam Curry
Chief Security Officer
Cybereason
We're in an unprecedented time in recent memory, and while Marriott's disclosure today regarding a hack of their network started in January, well before the world's attention shifted to COVID-19, this should be a stark reminder to every corporation that hackers don't sleep under any circumstances. In the old days we used to say that “loose lips sink ships,” but in this day and age “a loose click kills quick.” Marriott's initial disclosure of 5 million compromised accounts pales in sheer volume to their 2018 breach, but tell that to the more than 5 million customers. Today, it is less about bayoneting the wounded and a lot more about how Marriott makes sure this never happens again. Brands are suffering regularly and time will tell what happened with Marriott, and people will need to be held accountable as needed. And with any breach the proprietary information about inner workings of an organization and private communications can ultimately lead to lawsuits, terminations and other material actions. In general, Global 1000 organisations need security awareness training plans and incident response and threat hunting teams working constantly to stay ahead of hackers. Suggested remediation measures include:
1) Educate employees on how to correctly handle suspicious emails to prevent initial downloading or dropping of malware.
2) In order to protect against lateral movement, do not use privileged accounts, avoid RDPs without properly terminating the session, do not store passwords in plain text, deploy good authentication practices, disable unnecessary share folders, and change the names of the default share folders used in your organisation.
3) Proactively approach security by performing hunts and searching for suspicious behavior before an incident starts.
April 01, 2020
Tim Mackey
Principal Security Strategist, Synopsys CyRC (Cybersecurity Research Center)
Synopsys
This data breach at Marriott International highlights the importance of performing a detailed threat model on business operations and then implementing appropriate monitoring controls to ensure that threat vectors can be quickly identified. In this case, the attack vector was via compromised employee credentials. Those credentials provided access to guest services within individual properties under the Marriott brand. Since employees often have access to sensitive customer data, creating appropriate alerts to detect credential misuse is particularly difficult. Examples of behaviours to look out for include: time of day (i.e., is the employee clocked in), scope of access (i.e., is the accessed data outside of their normal role), and volume of data (i.e., is the access consistent with how an employee would access data to address customer requirements). Implementing such controls requires organisations to look not only at the application security and how it's deployed, but the intended usage patterns incorporating human factors data.
April 01, 2020
Samantha Humphries
Security Strategist
Exabeam
If there is something positive to say about this breach notification, it’s that Marriott’s security team seems to have minimised the attacker’s dwell time to a little over a month. While still significant, 5.2 million compromised guests is a drastic reduction from almost half a billion the last time this organisation identified an attack. Despite this improvement – if we can call it that – whether the organisation did enough to shore up its security posture after the last breach will certainly be called into question. What’s clear in this case is the credentials-based attack – whether it came via compromised credentials from unwitting employees or malicious insiders in the network – is far from rare. A 2019 Forrester survey revealed almost half of data breaches were caused by some form of insider threat. It’s a case of when this will happen for most security teams, so the focus needs to be on minimising dwell time for attackers – from months to minutes. This means gaining a clear understanding of the normal behaviours of everyone that accesses your network. Only then can you spot the anomalies more easily, flag any dangerous activity more accurately, and detect breaches sooner. The faster you can do this, the less time attackers have to ‘dwell’ in the network and more data you can potentially save.
April 01, 2020
Rosemary O'Neill
Director - Customer Delivery
NuData Security
It is unfortunate that Marriott was hit again. In a time when travel companies are seeing their traffic go down, bad actors can still use the stolen information against other companies where those same customers transact. This news needs to remind merchants and other companies transacting online that their systems are never entirely safe from breaches, brute force attacks, account takeovers, and phishing attacks. These can happen at any time, and companies need to have their post-breach process ready. This plan includes the implementation of a stronger verification framework so they can still correctly authenticate their good users despite the use of potentially stolen credentials. This sort of data exposure is why so many organizations – from the hospitality sector through to eCommerce companies, financial institutions, and major retailers – are layering in advanced security solutions, such as passive biometrics and behavioral analytics. These technologies identify customers by their online behavior, thus mitigating post-breach damage as hackers are not able to impersonate individual behavior.
April 01, 2020
Ed Macnair
CEO
Censornet
This attack leaves Marriott International red faced over a security breach once again. For everyone else, it is an important lesson in how a relatively simple attack technique - account takeover - can have wide ranging and extremely costly effects. In this case, costs to the tune of 5.2 million customers' data stolen. Account takeover is basically modern day identity theft - criminals hijack an employee’s legitimate email account and use it for malicious means. For Marriott, two employees' accounts were used to steal vast amounts of guest data. While financial data wasn't stolen, the personal information the criminals did get is incredibly valuable and can be used for malicious means - for example, to use personal information to conduct convincing phishing attacks against guests. While account takeover attacks can be devastating, there is a straightforward way to protect against them. The most effective method is to use two-factor or multi-factor authentication (MFA). MFA means that accounts are protected with more than just a password, for example stopping logins from strange locations or without a unique one-time-passcode. For organisations looking at this attack and wondering how to stop the same thing happening to them, MFA is a must have for admin or privileged account holders who can access sensitive data or escalate privileges.
April 01, 2020
Michael Magrath
Director, Global Regulations & Standards
OneSpan
For Marriott International this breach probably couldn’t have come at a worse time, as the near shutdown of the global travel and hospitality industries has adversely affected Marriott’s revenue projections. While Marriott felt the pain of a £99m GDPR fine for the Starwood breach, as a two-time offender with incidents relatively close together, the regulators may come down hard on Marriott. If deemed a severe violation, under GDPR, companies can be fined up to 4% of global turnover of the preceding fiscal year, whichever is higher. In 2019 Marriott is expected to report about $3.8 billion (USD) in global turnover (revenues); 4% would be about $152 million. Less severe violations could be subject to a fine of 2% of global turnover of the preceding fiscal year, which would be $76 million. The details of who was impacted by the breach have not been made public and it remains to be seen if fines are levied against Marriott. If there is one silver lining to the breach, it occurred ahead of enforcement of two well-publicized data privacy and data protection laws, the California Consumer Privacy Act (CCPA) and Brazil’s General Data Protection Law (Lei Geral de Proteção de Dados Pessoais) or “LGPD”. Enforcement of the CCPA begins July 1, 2020 while the LGPD takes effect August 16, 2020. Both shall carry stiff penalties and fines which Marriott has avoided.
April 01, 2020
Alyn Hockey
VP of Product Management
Clearswift
“Successful cyber security is not just a question of investing in the latest software, it’s about a combination of people, processes and technology. If an organisation is lacking any one of these three, then they will be vulnerable.”
“The fact that this breach began in mid-January and was only discovered and halted by the end of February is really not good. It then took a further month to begin notifying the customers that had been breached. Cyber security is complicated and challenging against an ever-evolving threat, but an essential part of it is having the right processes in place – being able to identify breaches as soon as possible, taking measures to stop them and reporting them to the relevant authorities. It feels like those processes just weren’t in place here. Given that Marriott International has already been fined £99M by the Information Commissioner’s Office (ICO) under GDPR for its previous breach, it is hard to understand why that was the case.”
April 01, 2020
Will LaSala
Director of Security Services, Security Evangelist
OneSpan
As a Marriott customer myself, it is very disheartening that they apparently did not learn from their first missteps. Security is easily overlooked and often misplaced trust leads to failures such as this. Large organizations can often find it difficult to implement a one-size-fits-all authentication and security plan. From my experience, a one-size-fits-all approach never works and seems to leave the door open for hackers to break through. Instead, organizations should look to implement risk-based tools that adapt to the changes. Businesses this large that are still having problems with their security need to bring in outside help and implement the appropriate technology such as multi-factor authentication, behavioral analysis, biometrics, and even data from third-party tools as soon as possible, to ensure that the right level of security is applied at the right time.
April 01, 2020
Casey Ellis
CTO and Founder
Bugcrowd
Like the OPM, Anthem, Dulles and the 2018 Marriott breach, this breach is just another in a long string of attacks targeting US officials. Think about it, officials from the NSA, CIA, FBI, DoD stay at Marriott hotels, including possibly diplomats, business people or intelligence officials as they travel around the globe. The FBI’s investigation into the 2018 Marriott Breach concluded that the attackers were working on behalf of the Chinese Ministry of State Security - alarm bells should be going off. The hospitality industry continues to demonstrate a greater need for stronger security measures - especially since this is the second security incident affecting Marriott in the past two years. This attack emphasizes the need for the hospitality industry to take security seriously. Hotels collect more private personal information than most enterprise organizations (birthdays, passport numbers, email and mailing addresses, and phone numbers). Cybercriminals know what types of organizations collect troves of sensitive data, and given the amount of valuable information at hand, hospitality organizations can no longer afford to ignore their vulnerabilities.
April 01, 2020
James McQuiggan
Security Awareness Advocate
KnowBe4
Marriott has stated that the breach stemmed from two compromised employee accounts. This highlights the criticality of multifactor authentication; passwords simply aren’t enough. It took Marriott over a month to detect that the attackers had access to their systems and a further month to alert customers. During this time, the attackers could have leveraged their access to at least 5.2 million customer account information to do very targeted phishing campaigns with impunity. Detecting breaches stemming from compromise of an authentic user account can be difficult. A stealthy attacker may not use malware tools that might risk detection by anti-virus, but instead access data in a way the compromised user’s account normally would, only faster. To protect themselves, organizations should have monitoring and alerting capabilities to identify higher than normal activity by their employees’ user accounts. To compromise 5.2 million user accounts in a month and a half, the attackers would have been accessing on average over 124,000 customer accounts per day. An outlier in activity this high should have definitely been cause for an immediate investigation by the security team. Customers looking to protect themselves from targeted “spear phishing” attacks can do so by adopting a “never click” policy for emails. I myself have gotten to the point that instead of clicking links in emails, even ones I am 99% certain are legitimate, I instead go directly to the organization’s website or app to perform the action requested in the email.
April 01, 2020
Peter Goldstein
CTO and Co-founder
Valimail
It would not be a surprise if the breached data of 5.2 million Marriott International hotel guests was used by cybercriminals to commit effective phishing attacks. For attackers, knowing customers’ contact details, birthdays, and loyalty program information means their social engineering attacks can be highly tailored and therefore all the more convincing, especially if leveraging brand impersonation tactics. Phishing campaigns often follow soon after breaches like this, targeting the victims with fake security warnings that look like they came from the breached company. In fact, 83 percent of phishing emails overall are brand or company impersonations. If successful, this can lead to account takeover, identity theft and other scams that may affect an individual for years to come. As phish become increasingly hard to identify, email security solutions based on validating sender identity are a powerful defense that can help thwart these attacks at their source.
April 01, 2020
Dr. Vinay Sridhara
CTO
Balbix
Marriott’s data breach in 2018 that compromised information of as many as 383 million guests and resulted in a $123 million fine, stood as one of the largest to occur by number of records exposed. Today, the multinational hospitality company has suffered yet another breach, showcasing how the company still lacks proactive security strategies that identify and address vulnerabilities that put them at risk prior to millions of guests’ personal information being compromised. In this most recent case, compromised login credentials have given intruders insider’s access. Although monitoring and analysis within the enterprise can identify suspicious activity, these credentials effectively bypass perimeter security and complicate detection. What’s more, if these login credentials have been reused across services, all Marriott applications that share credentials are now vulnerable. Enterprises must proactively get ahead of the threat of compromised credentials by implementing effective password policies that ensure suitable password strength and do not allow password sharing. Additionally, by using two-factor authentication via a trusted second factor, companies can significantly reduce the number of breaches that occur due to compromised credentials.
April 01, 2020
Stuart Reed
UK Director
Orange Cyberdefense
News today that Marriott has been hit again by a security breach raises the question of what should be done after a company suffers an incident. Highlighting potential vulnerabilities but also showcasing the importance of investment, the steps taken after a breach are often crucial to alleviating reputational damage and securing the data of customers in the future. In our research, we have found that two thirds of those hit by a breach in the past 12 months weren’t very confident that their organisation could defend against the same type of attack again. The recent Marriott security incident potentially indicates that this lack of confidence is warranted. Having a layered approach to security is paramount to ensuring that future cyber incidents are avoided. A crucial part of this is monitoring and blocking threats on the network, as well as identifying where large amounts of data are being accessed. It is also important to highlight anomalous behaviour, such as employees logging on to the network at strange times or from unusual places, which could indicate a malicious intruder.
April 01, 2020
Bob Rudis
Chief Data Scientist
Rapid7
If there is an insight to be gleaned from the recent, second breach at Marriott International, it is to remain vigilant for new attacks even if you've just experienced one. Successful phishing campaigns can happen to anyone and any organisation, and the use of stolen, legitimate credentials is still one of the most popular attack vectors for our adversaries. Current disruptions in traditional work patterns also increase the likelihood of more frequent and clever attacks occurring every day. Even though your staff may be more dispersed than usual, this is no time to hold back on regular awareness training. It is also paramount that you continue to watch for anomalous behaviour of systems and accounts to reduce the time attackers have to accomplish their goals if they do manage to breach your defences.
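Both the Orange Cyberdefense comment (logins at strange times or from unusual places, large volumes of data being accessed) and the Rapid7 comment (watching for anomalous account behaviour) describe the detections that catch a valid-but-stolen credential after it has passed the perimeter. The following is an added example, not from either commenter and not based on Marriott's logs: three rules run over a constructed authentication and data-access log. It flags a login outside working hours, a login from a country that user has never used before, and a user whose data access in any one-hour window crosses a volume threshold. The log format, the working-hours range and the 50 MB threshold are assumptions for the example; hours are evaluated in UTC because the constructed log is in UTC, and a real deployment would use each user's local time.

```python
from collections import defaultdict, deque
from datetime import datetime, timezone

# Assumptions for this example: 07:00-19:59 UTC is normal, more than 50 MB read by one
# user in any rolling hour is bulk access.
WORK_HOURS = range(7, 20)
BULK_THRESHOLD_BYTES = 50_000_000
WINDOW_SECONDS = 3600

# Constructed sample log (not from any real system). Lines are deliberately not in
# time order for "bob" to show that the detector sorts before evaluating.
SAMPLE_LOG = """\
2020-03-02T09:15:02Z login user=alice src_country=GB bytes=0
2020-03-02T10:40:11Z access user=alice src_country=GB bytes=120000
2020-03-03T08:58:47Z login user=alice src_country=GB bytes=0
2020-03-03T14:02:19Z access user=alice src_country=GB bytes=95000
2020-03-04T03:12:55Z login user=alice src_country=RU bytes=0
2020-03-04T03:14:08Z access user=alice src_country=RU bytes=52000000
2020-03-04T03:20:31Z access user=alice src_country=RU bytes=61000000
2020-03-02T11:05:00Z login user=bob src_country=US bytes=0
2020-03-02T11:30:00Z access user=bob src_country=US bytes=300000
"""


def parse_line(line: str) -> dict:
    """'<ISO8601Z> <event> key=value ...' -> dict with a timezone-aware timestamp."""
    ts_str, event, *pairs = line.split()
    fields = dict(p.split("=", 1) for p in pairs)
    return {
        "ts": datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc),
        "ts_str": ts_str,
        "event": event,
        "user": fields["user"],
        "country": fields["src_country"],
        "bytes": int(fields.get("bytes", 0)),
    }


def detect(log_text: str) -> list:
    """Return (timestamp, user, rule) alerts for the three behaviours described above."""
    events = sorted((parse_line(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["ts"])
    seen_countries = defaultdict(set)   # per-user baseline built from earlier logins
    windows = defaultdict(deque)        # per-user (ts, bytes) within the last hour
    alerts = []
    for e in events:
        user = e["user"]
        if e["event"] == "login":
            if e["ts"].hour not in WORK_HOURS:
                alerts.append((e["ts_str"], user, "off_hours_login"))
            # Only flag a new country once the user has some history, otherwise every
            # first login would alert.
            if seen_countries[user] and e["country"] not in seen_countries[user]:
                alerts.append((e["ts_str"], user, "new_country"))
            seen_countries[user].add(e["country"])
        # Rolling one-hour byte count; alert only on the event that crosses the
        # threshold so a sustained exfiltration produces one alert, not one per read.
        win = windows[user]
        while win and (e["ts"] - win[0][0]).total_seconds() > WINDOW_SECONDS:
            win.popleft()
        before = sum(b for _, b in win)
        win.append((e["ts"], e["bytes"]))
        after = before + e["bytes"]
        if after > BULK_THRESHOLD_BYTES and before <= BULK_THRESHOLD_BYTES:
            alerts.append((e["ts_str"], user, "bulk_data_access"))
    return alerts


if __name__ == "__main__":
    for ts, user, rule in detect(SAMPLE_LOG):
        print(ts, user, rule)
```

The per-user baseline is the important design choice: a static list of "bad" countries would have missed a credential used from the same country as the victim, whereas comparing each login to that account's own history catches the change in behaviour regardless of where the attacker is.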