The Marriott Hotels data breach has sent ripples through the Infosec community, with questions being asked as to how the hackers were able to roam around a network for years, unbeknownst to the people charged with keeping networks safe. We have seen a similar situation developing in the breach of Canada’s 1-800 Flowers, reported to the California Attorney General’s office recently.
“Much the same as people who live too long in a war zone, the world’s population have become inured to the meaning and damage of mega breaches. Perhaps ‘Giga Breaches’ should be the new term. When we receive 4 or 5 letters a year about compromised identities, horror stories at one or two degrees of separation, headlines measuring in the 100s of millions of victims, but life keeps going, we become de-sensitized. It’s important to remember that the impact of a breach is big even when buried among others. We still have something to lose and we should not idly accept the unacceptable. Boards and leadership in companies should use the New Year as an opportunity to set new programs in motion, new energy and a standard of excellence. Work with CISOs to make sure that hackers aren’t sitting in networks like parasites for years. Use peace time for preparation, and make it a core value to respect privacy, to lean forward, to champion transparency and to not ignore the risks from poor IT hygiene and weak cyber practices.”