Marriott Hotels: Series Of Data Breaches Reveals Lack Of Security Awareness
-
The data breach hitting Marriott Hotels Group was huge: the joint-second largest to have ever taken place, in fact, after Yahoo’s disastrous 2013 breach (and on par with Yahoo’s 2014 breach). While the amount of data that was taken from the reservation systems of Starwood Hotels (a company acquired by Marriott in 2016) was vast, what’s most staggering is that the breach went undetected for four years and that, even though an acquisition took place, the alarm still wasn’t raised. Since news originally broke of the release, it’s also been revealed that the hotel group’s own security team was hit by an attack in June 2017. Clearly something has gone amiss.
-
The issue is compounded by the fact that security is still not high enough up the list of priorities for business leaders. Despite well-known organizations frequently hitting the headlines for data breaches (in 2018 alone we’ve had Ticketmaster, Quora, British Airways, Under Armour and plenty more) and a ‘when not if’ warning being peddled by the security industry for years, many businesses still haven't got to grips with just how critical proper security is. The fact that reviewing security may not have been part of the acquisition process of Starwood by Marriott – and if it was, not well enough – is further evidence of this apparent blindness to the impact of poor security. So, what’s going wrong? A research report from security company Bromium earlier this year suggested that the average large enterprise spends $16.7 million per annum on security, with the vast majority found to be on ‘the human cost of maintaining cyber security systems’. While most firms clearly aren’t 2,000-person enterprises, the research provides a good indication that spending on security isn’t the issue. Instead, it’s people.
-
We need to look at different approaches to skills development and, in many ways, imitate the cyber criminals themselves, who continually iterate on ideas to solve problems, reward perseverance and curiosity, and encourage further development. The ‘white hats’ need to approach their roles the same way – not rely on what they heard in a classroom six months previously.
-
The recent cyberattack at Marriott International Inc. has many hoteliers wondering what the legal and business risks associated with security attacks are. The recent breach at Marriott further proves the point that businesses should prepare now or be willing to pay for it later. In November 2018, the Bethesda, MD-based hotel company revealed there had been unauthorized access to the Starwood guest reservation database, which contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. Businesses face a multitude of risks when looking at the potential consequences resulting from a cyberattack or breach. As we've seen recently with the Marriott breach, there can be a significant impact on brand equity in the marketplace. This impact can be far-reaching for publicly traded businesses, resulting in material impacts to businesses and business valuation, and long-term impact on user adoption. In addition to the downside risk from the market, businesses must also mount expensive defenses against litigation that increasingly takes the form of class actions. Reputation is important in every trade but is especially important in the hospitality industry. This, coupled with the fact that consumers are becoming more sensitive to privacy- and security-related issues, means that businesses in the hospitality industry must manage against these types of risk and allocate appropriate levels of funding toward information security. What should hoteliers learn from the Marriott breach? Pay attention. Marriott was aware that there was a potential issue shortly after it acquired Starwood, but did not, apparently, investigate in detail. Marriott may not have created the problem, but it bought the problem and didn't treat it with the seriousness that was necessary.