Question

In: Accounting


“Marriott International announced in November 2018 that attackers had stolen data on approximately 500 million customers. The breach initially occurred on systems supporting Starwood hotel brands starting in 2014. The attackers remained in the system after Marriott acquired Starwood in 2016 and were not discovered until September 2018.” (sourced from a published report)

Referring to the case given, list and explain 2 steps that can help prevent a data breach like this.

Solutions

Expert Solution

If you have used the affected Starwood/Marriott services and it is available in your country, it makes sense to take up the WebWatcher monitoring access that was offered. Other tools are also available, such as ‘Have I Been Pwned’.

It goes without saying that users should change the passwords used for the site, and the same goes if those details are reused elsewhere. In addition, watch your bank account for any suspicious activity and be wary of emails claiming to be from Marriott: cyber criminals will often use incidents such as these to orchestrate scams and phishing emails.

Steps to reduce risk:

Due diligence on acquisitions:

Marriott is not the first company to discover that an acquired company had already been breached. Avast Software acquired software tools vendor Piriform in 2016 and subsequently discovered that Piriform's systems had already been breached.

A primary activity for any company conducting M&A must be a cybersecurity assessment of the target, to fully understand the state of the company and its vulnerabilities. A full cybersecurity assessment must be part of any modern business acquisition.

Consider DLP tools:
The fact that it took some time after the initial warning signs before the data loss was detected was a major shortcoming.
Sensitive data within an organization, including personally identifiable information (PII), payment card data and other user information, should be protected with data loss prevention (DLP) technology. With a proper DLP system in place, PII data cannot leave an organization unnoticed, and access attempts will be monitored and logged.

Privileged account management:
Even without DLP, database information that contains PII should only be accessible by privileged accounts, a common IT best practice. With privileged account management (PAM) tools and technologies, access attempts are monitored and credentials for privileged accounts are more tightly controlled.

PCI compliance:
Given that payment card data was involved in the data breach, PCI-DSS (Payment Card Industry Data Security Standard) applies. Was Starwood assessed as being PCI-DSS compliant, or was it even assessed at all recently? Those facts are not yet known.

According to Verizon, no company that has been quantitatively proven to be PCI-DSS compliant has ever been breached. Rather, breaches occur when companies fall out of compliance.

Penetration testing:
A good practice for keeping organizations secure is to have active third-party penetration testing. It's an activity that the organization behind the Ashley Madison website, itself the victim of a massive breach, now uses to help keep that site secure.

By actively taking an adversarial approach and benefiting from third-party resources, additional vulnerabilities can be uncovered.

Threat hunting:
Beyond having a third party conduct penetration testing, active threat hunting tools can shorten the time it takes to find potential and actual threats.

With threat hunting tools, which are sometimes built into SIEM systems, data can be enriched with additional context from different sources to correlate multiple sets of information, which is useful for finding threats.
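As an added example that is not part of the answer above, the following Python script shows the kind of enrichment and correlation the PAM, DLP and threat-hunting steps describe: database audit events are joined against an asset inventory and a list of privileged accounts, and each event is flagged when a non-privileged account reads a PII table, when PII is read from a host missing from the inventory, or when a single query moves more rows than a DLP threshold allows. The log lines, host names, account names, table names and threshold are all constructed for the example and are not from the Marriott/Starwood case.

```python
"""Threat-hunting correlation over constructed DB audit events (added example).

Enrichment sources (asset inventory, privileged-account list, PII table list)
are hypothetical stand-ins for a CMDB, a PAM tool and a DLP classifier.
"""
from dataclasses import dataclass

# Constructed sample audit log: "timestamp|user|host|table|rows_returned"
DB_AUDIT_LOG = """\
2018-09-07T02:14:00|svc_backup|db-admin-01|guests|1200000
2018-09-07T09:30:12|j.smith|ws-ops-17|reservations|40
2018-09-07T10:02:45|dba_ops|db-admin-01|guests|15
2018-09-07T23:48:03|j.smith|unk-host-9|guests|500000
"""

# Constructed enrichment context (hypothetical names)
ASSET_INVENTORY = {
    "db-admin-01": "database admin jump host",
    "ws-ops-17": "operations workstation",
}
PRIVILEGED_ACCOUNTS = {"dba_ops", "svc_backup"}
PII_TABLES = {"guests", "payment_cards"}
BULK_ROW_THRESHOLD = 100_000  # hypothetical DLP limit for rows per query


@dataclass
class Finding:
    ts: str
    user: str
    host: str
    table: str
    reasons: tuple


def parse_events(log_text):
    """Parse pipe-delimited audit lines into dicts; blank lines are skipped."""
    events = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, host, table, rows = line.split("|")
        events.append({"ts": ts, "user": user, "host": host,
                       "table": table, "rows": int(rows)})
    return events


def hunt(events):
    """Correlate each event with the enrichment context and collect findings."""
    findings = []
    for e in events:
        reasons = []
        is_pii = e["table"] in PII_TABLES
        # PAM gap: PII tables should only be reachable by privileged accounts
        if is_pii and e["user"] not in PRIVILEGED_ACCOUNTS:
            reasons.append("non-privileged account read PII table")
        # Foothold signal: PII access from a host the inventory has never seen
        if is_pii and e["host"] not in ASSET_INVENTORY:
            reasons.append("PII access from host missing in asset inventory")
        # DLP signal: bulk movement of rows is logged regardless of who did it
        if e["rows"] >= BULK_ROW_THRESHOLD:
            reasons.append("bulk read above DLP threshold")
        if reasons:
            findings.append(Finding(e["ts"], e["user"], e["host"],
                                    e["table"], tuple(reasons)))
    return findings


def severity(finding):
    """Two or more independent signals on one event is worth an analyst's time."""
    return "high" if len(finding.reasons) >= 2 else "low"


if __name__ == "__main__":
    for f in hunt(parse_events(DB_AUDIT_LOG)):
        print(severity(f), f.ts, f.user, f.host, f.table, "; ".join(f.reasons))
```

The backup account's bulk read still surfaces, but enrichment keeps it at low severity because the account is privileged and the host is a known admin jump host; the late-night read of the guests table by an ordinary user from an unknown host trips all three rules and is what a hunter would triage first.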

Breach and attack simulation (BAS):
Another good IT security practice is to use breach and attack simulation (BAS) and employee training tools. Such tools might not have found the exact flaw that led to the Starwood breach, but it's an exercise that invariably helps harden enterprise networks and train IT security staff. By combing networks for flaws and simulating what could happen, responses become routine and the time an attacker gets to spend in a network can be limited.

The root cause of the Starwood data breach is currently unknown and no doubt additional details will emerge in the weeks and months ahead. One thing is certain: A breach of this size is hardly ever the result of a single flaw. Rather it's the result of a threat actor that somehow got into the network and then was able to move around laterally without being detected.

Making use of the tools and techniques listed above might not prevent an intrusion, but having defense in depth and multiple layers of cybersecurity activities might well help to reduce the dwell time and limit the impact.

