What caused the Marriott data breach?
CYBERATTACKS are on the rise and businesses are struggling to protect their data. Attackers are getting more and more sophisticated everyday and current approaches to cybersecurity are becoming obsolete every passing minute.
Last Friday, for example, Marriott International announced a system breach where the company lost private details — including names, credit card numbers, mailing addresses, and passport numbers — of about 500 million of its customers to hackers.
The breach, according to the group originated at Starwood hotels in 2014 before it merged with Marriott to create the world’s largest hotel chain. Starwood brands include St. Regis, Westin, Sheraton, Aloft, Le Meridien, and Four Points.
The Washington Post reported that after the apparent hack went undetected at the time of the acquisition in 2016 and the subsequent years.
Marriot revealed that an internal security tool, in September 2018 alerted the company on an attempt to access Starwood guest reservation database.
Upon further investigations, it found out that there has been unauthorized access to the network since 2014.
Marriot president and CEO, Arne Sorenson said, “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
The breach ranks as one of the largest ever reported, following the hack of Yahoo that compromised up to 3 billion user data in 2013.
Starwood was a part of a different breach, along with other luxury hotels including Trump Hotels and Mandarin Oriental in 2015, when malware targetting credit and debit card information was detected on its payment systems.
At this point, the motive of the latest hack remains unclear to the investigators and experts. The debate is on whether it is identity theft or an act of espionage by nation-state operatives targeting information of travelers.
The financial impact of the breach is also too early to ascertain, Marriott said in its filing to the Securities and Exchange Commission, but the company does not foresee any significant impact on its financial standing in the long term.
Breaches like this and the preceding ones, that compromise sensitive consumer data could be an indication that the current approaches to cybersecurity have become inadequate in dealing with threats of the modern era.
Even with antivirus, firewalls, and other preventative measures in place, hackers were able to intrude Marriott’s networks and operated without detection for years.
The bad news is, there could be many other companies whose data has been breached but has not been discovered yet.
And thus, there has to be a rethink of how enterprises, both big and small, approach cybersecurity.
Modern and futuristic technologies, such as AI, automation, and analytics, have to be integrated into a combined and coordinated approach to fend off sophisticated cyber threats.
Cybercrimes cost the world economy up to US$600 billion per year, and its about time that companies adopted more sophisticated methods to detect and neutralize cyber threats.