Half a billion is a really, really big number – so big, it almost seems impossible to think that Marriott’s security was breached and every single one of those records made its way into the hands of the bad guys. But that’s exactly what happened to the Marriott Starwood Hotels acquisition in a breach that lasted 4 years!
The stolen data will be used for years to come by cybercriminal organizations phishing unsuspecting users with everything from emails citing “a problem with your reservation”, to offers for hotel rooms at an unbelievable price, to simply using the personal details gathered to establish enough context to fool a recipient into taking the bait.
The breach is inexcusable and demonstrates that even the organizations we believe are protecting their data the most can fall prey to attack and breach. Major lesson here: in any acquisition, the due diligence needs to include a very, very thorough cybersecurity assessment.
In response, U.S. Senators are calling for more stringent privacy laws, likely along the lines of the soon-to-be-implemented California Consumer Privacy Act of 2018, to ensure that organizations holding material numbers of consumer records have proper security controls in place. The penalties proposed for those who fall short are characterized as “severe” and “aggressive”, and Senators are even discussing jail time for senior executives who ignore customer data privacy.
Add to all this the wave of lawsuits against Marriott that have already begun. All of this indicates that consumer privacy is coming to a boil in the U.S., with tolerance on the part of consumers and Congress reaching an end.
It’s time for organizations like yours to get ahead of the consumer privacy game: while legislation may not exist yet, lawsuits certainly do. Protecting data with proper security controls, limits on privileged access, machine learning-based endpoint protection, and Security Awareness Training are all part of a necessary layered “defense-in-depth” security approach. Necessary, that is, to protect your data, stay clear of the headlines, and avoid penalties from regulations.