Security in Networking
Data breaches have become common in today’s business environment as organizations are increasingly vulnerable to data breaches and cyber-attacks. Jain & Ropple (2018) state that many companies and institutions face huge challenges in successfully managing cyber risk despite increased expenditure on network security. Even though some industry standards have been established, they are relatively vague. Additionally, existing solutions for safeguarding companies and institutions against data breaches are not entirely effective. Increasingly sophisticated criminal activity has compounded organizations’ vulnerability to data breaches and cyber-attacks. This paper examines the recent data breach at Marriott International, a large American hotel chain. The evaluation discusses the telecommunication and network practices in place at the time, what contributed to the breach, and a plan of action to alleviate these factors.
Marriott’s Data Breach and Existing Network Practices
Marriott International suffered what is regarded as one of the biggest corporate data breaches in history. The data breach resulted in the loss of data on 500 million guests, including credit card and passport information (Brewster, 2018). The company admitted that the data breach occurred on its Starwood guest reservation database. In addition to credit card and passport information, the hackers also obtained mailing and email addresses, phone numbers, and payment card numbers with their expiration dates. The stolen data relates to reservations made through the Starwood guest database between 2014 and September 2018. This essentially means that hackers had unauthorized access to the hotel’s network for a period of four years. In its initial report, the company stated that the exact data taken by the hackers remained unknown and subject to the findings of ongoing investigations into the data breach. The company seeks to establish exactly what was stolen through its dedicated framework for helping affected guests. In this regard, Marriott established a series of steps to assist guests affected by the data breach, including a dedicated website and call center. The company is also sending email notifications to affected guests and providing them with a free one-year subscription to WebWatcher data security software.
One of the telecommunication and network practices in place at the time of the attack was the encryption of credit card numbers using the Advanced Encryption Standard algorithm (AES-128). As a result, access to payment card numbers and other guest information required decrypting the stored data. Marriott reported the possibility that the hackers had also taken the very safeguards that helped protect its database. In short, Marriott relied on encrypting customer data, and on the need for decryption, as the telecommunication and network practice that would protect its database from unauthorized access.
Factors Resulting in the Security Breach
Sivalingam (2018) reports that the security breach at Marriott can be traced back to 2014 prior to the merger between the company and Starwood hotels. The breach emerged at...…potentially detrimental activities and support mitigation decisions (Stevenson et al., 2019). A risk-focused monitoring function in the network would enhance its security and enable the company to advance its business strategies in a free and safe manner. Secondly, the company should utilize artificial intelligence in its network to accurately and effectively detect genuine cyber-attacks in real time. Artificial intelligence will play a critical role in this process since it’s impossible to manually detect malicious activity, especially when handling huge volumes of data (Atkinson, 2019). Third, Marriott should consider upgrading its login protocols by using stronger authentication tools such as security keys, biometrics or one-time codes since it would help the company to stay ahead of the hackers.
In conclusion, data breaches have become common in the modern business environment due to rapid technological advancements. Hackers and other cyber criminals are continually capitalizing on these technological advancements to develop sophisticated measures for conducting their activities. Marriott is an example of a company that has recently experienced a data breach that resulted in the loss of data of 500 million customers. Hackers exploited the lack of instant detection and alerts in the company’s network to launch an attack that allowed them to have unauthorized access to customer data for four years. In this regard, Marriott needs to enhance its network security infrastructure through adopting best practices that are in line with industry standards.
…
References
Atkinson, D. (2019). How AI Can Prevent a Marriott Situation from Happening Again. Retrieved February 9, 2019, from https://www.techradar.com/news/how-ai-can-prevent-a-marriott-situation-from-happening-again
Beal, V. (2005, July 15). Intrusion Detection (IDS) and Prevention (IPS) Systems. Retrieved February 9, 2019, from https://www.webopedia.com/DidYouKnow/Computer_Science/intrusion_detection_prevention.asp
Brewster, T. (2018, November 30). Marriott Hackers Stole Data on 500 Million Guests -- Passports and Credit Card Info Included. Forbes. Retrieved February 9, 2019, from https://www.forbes.com/sites/thomasbrewster/2018/11/30/marriott-admits-hackers-stole-data-on-500-million-guests/#5e9124b46492
Jain, S.C. & Ropple, L.M. (2018, December 14). Stopping Data Breaches will Require Help from Governments. Harvard Business Review. Retrieved February 9, 2019, from https://hbr.org/2018/12/stopping-data-breaches-will-require-help-from-governments
Sivalingam, J. (2018, December 4). What Caused the Marriott Data Breach? Retrieved February 9, 2019, from https://techwireasia.com/2018/12/what-caused-the-marriott-data-breach/
Stevenson, C., Douglas, A., Nicholson, M. & Amjad, A. (2019). From Security Monitoring to Cyber Risk Monitoring: Enabling Business-aligned Cybersecurity. Retrieved February 9, 2019, from https://www2.deloitte.com/insights/us/en/deloitte-review/issue-19/future-of-cybersecurity-operations-management.html