It’s now been a few days since the now epic Marriott hack that put 500 million people at risk of having their personal data be used for who knows what nefarious purpose. Experts have started to weigh in and the consensus is that this was avoidable. World famous hacker Kevin Mitnick was the first to weigh in:
But since then others have added their thoughts. Dan Dearing, senior director of Product marketing at Pulse Secure, a San Jose-based provider of secure network and mobile access solutions to 80% of the Fortune 500 companies had this to say:
“Early reports stated that security experts working with Marriott determined that there had been unauthorized access of the Starwood network since 2014.
This type of “lying in wait” threat is driving many IT organizations to rethink how they secure their network to combat hackers who are sophisticated and patient to wait for the big payoff. The new security buzzword that describes how companies can defeat this type of threat is “zero-trust.” Essentially, IT cannot trust anything or anyone inside or outside of their network. Instead, they must deploy security tools that help enable them to always verify who the user is, whether the user is authorized to access the desired application or data, and finally if the user’s laptop or mobile device meets the security standards of the company. Only if all three conditions are met is the user allowed on the network.”
From a legal standpoint comes Cathryn Culverhouse who is a solicitor at the city law firm DMH Stallard. Cathryn is an expert on data protection and GDPR regulations. And she had this to say:
“Marriott have today announced that they have suffered a major data breach following the hack of its database. The breach is thought to include the personal data of up to 500 million customers, including (but not limited to) names, addresses, passport numbers and account details. This is clearly sensitive personal information from which individuals can easily be identified. Such information getting into the hands of fraudsters could have severe consequences , especially in respect of identity or bank fraud.
“Marriott are likely to be investigated by the ICO and could receive a hefty fine (up to 4% of their annual global turnover) given the large scale breach of sensitive information. This is likely to have a damaging impact on the hotel’s reputation.
“If a customer of Marriott has been affected by the breach they should be notified by Marriott without delay – although delay is not defined within GDPR and such a timeline will depend on the circumstances.
“Customers who may have been affected should visit the website set up by Marriott (https://answers.kroll.com/) to obtain more information, including details of the year-long subscription to a fraud-detecting service in the US, UK and Canada that Marriott are providing to their customers free of charge.
“These customers also have a potential claim against Marriott for compensation in respect of any losses.”
Finally, there’s Nick Wyatt, Head of Tourism at GlobalData, a leading data and analytics company, who offers his view on how the company can turn the disaster into a positive:
“Marriott cannot afford for this to happen again and so must now invest very heavily in improved detection and response-based technologies such as deception-based solutions, endpoint detection and response, software defined segmentation, and behavior analytics.
“GlobalData forecasts that by 2021, global cybersecurity products and services revenues are expected to reach US$140bn, up from US$114bn in 2017 and breaches like this present a great opportunity for cybersecurity consultants like Accenture, IBM, KPMG, PwC, FireEye, Herjavec Group, and Root9B. Other hotel companies cannot afford to ignore this issue and these companies can profit greatly as a result.
“In the more immediate term, Marriott must show that it is employing post-breach consultants to help take all actions possible to protect critical digital assets. Such firms will also look to identify the characteristics of the hackers in a bid to pre-empt further attacks. If Marriott can demonstrate that it is using such services, its claims of reducing future data security risks will have far more credibility.
‘‘Marriott has a chance to repair the reputational damage inflicted by shaping the future for the better and being seen as the catalyst for improved industry standard systems would be a great fillip. It must seize this opportunity to turn a great negative into a positive.”
This hack has the potential to be the biggest hack in history….. Until the next one. Thus I hope that companies large and small are looking at this hack and taking the advice of experts such as these so that they don’t become the next victim and put their customer’s data and information at risk.
Like this:
Like Loading...
Related
This entry was posted on December 3, 2018 at 10:29 am and is filed under Commentary with tags hack. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Experts Weigh In On Marriott Hack
It’s now been a few days since the now epic Marriott hack that put 500 million people at risk of having their personal data be used for who knows what nefarious purpose. Experts have started to weigh in and the consensus is that this was avoidable. World famous hacker Kevin Mitnick was the first to weigh in:
But since then others have added their thoughts. Dan Dearing, senior director of Product marketing at Pulse Secure, a San Jose-based provider of secure network and mobile access solutions to 80% of the Fortune 500 companies had this to say:
“Early reports stated that security experts working with Marriott determined that there had been unauthorized access of the Starwood network since 2014.
This type of “lying in wait” threat is driving many IT organizations to rethink how they secure their network to combat hackers who are sophisticated and patient to wait for the big payoff. The new security buzzword that describes how companies can defeat this type of threat is “zero-trust.” Essentially, IT cannot trust anything or anyone inside or outside of their network. Instead, they must deploy security tools that help enable them to always verify who the user is, whether the user is authorized to access the desired application or data, and finally if the user’s laptop or mobile device meets the security standards of the company. Only if all three conditions are met is the user allowed on the network.”
From a legal standpoint comes Cathryn Culverhouse who is a solicitor at the city law firm DMH Stallard. Cathryn is an expert on data protection and GDPR regulations. And she had this to say:
“Marriott have today announced that they have suffered a major data breach following the hack of its database. The breach is thought to include the personal data of up to 500 million customers, including (but not limited to) names, addresses, passport numbers and account details. This is clearly sensitive personal information from which individuals can easily be identified. Such information getting into the hands of fraudsters could have severe consequences , especially in respect of identity or bank fraud.
“Marriott are likely to be investigated by the ICO and could receive a hefty fine (up to 4% of their annual global turnover) given the large scale breach of sensitive information. This is likely to have a damaging impact on the hotel’s reputation.
“If a customer of Marriott has been affected by the breach they should be notified by Marriott without delay – although delay is not defined within GDPR and such a timeline will depend on the circumstances.
“Customers who may have been affected should visit the website set up by Marriott (https://answers.kroll.com/) to obtain more information, including details of the year-long subscription to a fraud-detecting service in the US, UK and Canada that Marriott are providing to their customers free of charge.
“These customers also have a potential claim against Marriott for compensation in respect of any losses.”
Finally, there’s Nick Wyatt, Head of Tourism at GlobalData, a leading data and analytics company, who offers his view on how the company can turn the disaster into a positive:
“Marriott cannot afford for this to happen again and so must now invest very heavily in improved detection and response-based technologies such as deception-based solutions, endpoint detection and response, software defined segmentation, and behavior analytics.
“GlobalData forecasts that by 2021, global cybersecurity products and services revenues are expected to reach US$140bn, up from US$114bn in 2017 and breaches like this present a great opportunity for cybersecurity consultants like Accenture, IBM, KPMG, PwC, FireEye, Herjavec Group, and Root9B. Other hotel companies cannot afford to ignore this issue and these companies can profit greatly as a result.
“In the more immediate term, Marriott must show that it is employing post-breach consultants to help take all actions possible to protect critical digital assets. Such firms will also look to identify the characteristics of the hackers in a bid to pre-empt further attacks. If Marriott can demonstrate that it is using such services, its claims of reducing future data security risks will have far more credibility.
‘‘Marriott has a chance to repair the reputational damage inflicted by shaping the future for the better and being seen as the catalyst for improved industry standard systems would be a great fillip. It must seize this opportunity to turn a great negative into a positive.”
This hack has the potential to be the biggest hack in history….. Until the next one. Thus I hope that companies large and small are looking at this hack and taking the advice of experts such as these so that they don’t become the next victim and put their customer’s data and information at risk.
Share this:
Like this:
Related
This entry was posted on December 3, 2018 at 10:29 am and is filed under Commentary with tags hack. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.