Marriott breach exposes more than just customer info
Marriott’s massive data breach exposed more than just 500 million customer records, it is also shining a light on the role cybersecurity needs to play when a firm is in acquisition mode, along with the damage that even one slip up by an employee can have on the entire company.
Marriott has not disclosed exactly how cybercriminals managed to enter the Starwood reservation system compromising 500 million records, but the early action on the breach is leaning toward the malicious actors obtaining employee credentials in some manner and gaining access to the system. And since their presence was in place two years before Marriott’s purchase of Starwood Hotels there was an obvious omission by Marriott during its vetting process of Starwood and its computer network.
“At this point, we can only speculate, but if I had to guess, phishing would be at the top of the list. My second guess would be a third-party vendor compromise – possibly via phishing or other poor security practices like an unpatched vulnerability – that gave them a foothold within the Starwood enterprise,” said David Pearson, principal threat researcher at Awake Security.
Dig Deeper with These Resources
Real World Incidents Detected and Stopped by Awake
Organizations across industries use Awake every day to identify and stop modern threats from both internal and…
EMA Top 3 Report and Decision Guide for Security Analytics
This Enterprise Management Associates (EMA) report identifies the leading priorities organizations face with resolving challenges and meeting…