It has been reported that Princess Cruises, the cruise liner forced to halt its global operations after two of its ships confirmed on-board outbreaks of Coronavirus, has now confirmed a data breach. The notice posted on its website, believed to have been posted in early March, said the company detected unauthorised access to a number of its email accounts over a four month period between April and July 2019, some of which contained personal information on its employees, crew, and guests. Princess said names, addresses, Social Security numbers, and government IDs — such as passport numbers and driver’s license numbers — may have been accessed, along with financial and health information.

With a continuing uptick in automated attacks that leverage fraudulent and misused credentials, it\’s becoming more difficult for organizations to detect breaches without understanding more about the transactions that are happening throughout our networks. It\’s important that security teams are able to continuously monitor for anomalous behaviors, be able to assess the intention of the action, and have the ability to take swift action to stop bad actors. Detection is hard, but mitigation can often be harder without the right set of security tools.
News of the data breach at Princess Cruises makes one thing perfectly clear: all businesses are software businesses. Regardless of specifics, software is part of the underlying critical infrastructure that supports every business.
Businesses of all types are realising that software is critical infrastructure. When software fails, the consequences can be severe, ranging from inconvenience and expense all the way up to reputation damage and loss of business continuity.
A proactive, security-forward culture is the best way to minimise risk. This means thinking about security in all initiatives, large and small. Ongoing security education is important, but it is just as important to incorporate security into the design of network infrastructure, internal software systems, and business processes, not to mention making security a first-class citizen when procuring software and systems.