https://www.channelfutures.com/wp-content/themes/channelfutures_child/assets/images/logo/footer-new-logo.png
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
Channel Futures
  • NEWSLETTER
  • Home
  • Technologies
    • Back
    • SDN/SD-WAN
    • Cloud
    • RMM/PSA
    • Security
    • Telephony/UC/Collaboration
    • Cable
    • Mobility & Wireless
    • Fiber/Ethernet
    • Data Centers
    • Backup & Disaster Recovery
    • IoT
    • Desktop
    • Artificial Intelligence
    • Analytics
  • Strategy
    • Back
    • Mergers and Acquisitions
    • Channel Research
    • Business Models
    • Distribution
    • Technology Solutions Brokerages
    • Sales & Marketing
    • Best Practices
    • Vertical Markets
    • Regulation & Compliance
  • MSP 501
    • Back
    • 2022 MSP 501 Rankings
    • 2022 NextGen 101 Rankings
  • Intelligence
    • Back
    • Galleries
    • Podcasts
    • From the Industry
    • Reports/Digital Issues
    • Webinars
    • White Papers
  • Channel Futures TV
  • EMEA
  • Channel Chatter
    • Back
    • People on the Move
    • New/Changing Channel Programs
    • New Products & Services
    • Industry Honors
  • Resources
    • Back
    • Advisory Boards
    • Industry Organizations
    • Our Sponsors
    • Advertise
    • 2023 Editorial Calendar
  • Awards
    • Back
    • 2022 MSP 501
    • Channel Influencers
    • Circle of Excellence
    • DE&I 101
    • Technology Advisor 101 (TA 101)
  • Events
    • Back
    • 2023 Call for Speakers
    • CP Conference & Expo
    • MSP Summit
    • Channel Partners Europe
    • Channel Partners Event Coverage
    • Webinars
    • Industry Events
  • About Us
  • DE&I
    • Newsletter
  • REGISTER
  • MSPs
  • VARs / SIs
  • Agents
  • Cloud Service Providers
  • Channel Partners Events
 Channel Futures

MSSP Insider


Shutterstock

Data breach

Marriott Breach: Advanced Technology Could Lower Risk

  • Written by Edward Gately
  • December 4, 2018
Constant innovation is needed to fight cybercriminals.

Two massive data breaches reported within the past week are likely to have massive repercussions for both the companies involved and those whose personal information has been stolen.

Marriott last week confirmed the personal information of up to 500 million guests may have been stolen after its reservations database was hacked, and information sharing website Quora announced a data breach that exposed about 100 million users’ personal data.

Sophos's Erin Malone

Sophos’ Erin Malone

Erin Malone, Sophos‘ vice president of sales in North America and Sophos’ Partner Advisory Council leader, tells us Marriott’s data breach has put more than consumers’ data at risk. Sensitive corporate data belonging to business travelers now is also at risk or used for other nefarious activity by cybercriminals, such as gaining access into company networks or to launch lucrative phishing campaigns, she said.

“The potential consequences of this breach should serve as a reminder that even with the best security practices, businesses of all sizes are still vulnerable to data breaches through employee and third-party breaches,” she said. “As such, partners need to be working with all of their customers to ensure they have comprehensive, layered security solutions in place to prevent advanced threats from exposing customer records and detailed personal or employee information.”

Daryl Crockett, president and CEO of ValidDatum, which provides data-related project management and services, including data privacy and security, and General Data Protection Regulation (GDPR) compliance, tells us most companies are securing their data with encryption technology, monitoring for repeated log-in attempts and using some sort of role-based permissions, and second- and third-party authentication for mobile users.

ValidDatum's Daryl Crockett

ValidDatum’s Daryl Crockett

“But what they fail to do and what they really need to start doing is not keeping data in mass chunks on their systems,” she said. “They need to use a technique called tokenization or micro-tokenization. That takes the data, the very personal parts of the data, and swaps it out for a token, and it takes that real data and it puts someplace else, it encrypts it there and then shreds it and spreads it over a number of places. So when the crooks go into these databases, what they’ll find is data that’s not there, that they can’t read, that’s not real data.”

And when the data is needed, it’s essentially one transaction at a time, Crockett said.

“When somebody logs in and they want  to come to the front desk, that single record gets pulled up, it gets swapped back for the real data, and that single record is exposed while they’re going through the transaction to log in or make a reservation, or check in at the front desk,” she said. “And then as soon as they are done with that transaction, it goes back through, gets re-tokenized with a different token number and off that data goes. That’s what businesses have to start doing and it is overwhelming.”

Businesses that are building their software and systems with data privacy and data security from the beginning are not going to have this problem, Crockett said. But legacy businesses like Marriott have to go through this retooling process, she said.

“They’re not thinking about going through and doing it the right way, they’re just trying to put locks on the front door in hopes that nobody drops through the ceiling or sneaks in, or maybe an employee that gets access to these large data banks,” Crockett said. “So that’s really what’s ahead and that’s really the most secure way, and I really do believe you’re going to start to see companies bite the bullet and realize they have to make these fundamental changes, and start to really not secure the data, but obscure the data.”

Egress Software Technologies' Tony Pepper

Egress Software Technologies’ Tony Pepper

Tony Pepper, CEO of Egress Software Technologies, tells us the Marriott breach “clearly enters and surpasses the mega breach parameter,” and using figures from Ponemon Institute’s Cost of a Data Breach study, these types of breaches are projected to cost companies $40 million to $350 million.

“Cybersecurity is continuously evolving — as defenses get more sophisticated, so do the attacks to get around them (and vice versa),” he said. “This double-edged sword is both a challenge and an opportunity to the security community. It means that we need to be constantly innovating and looking to emerging technologies to enhance defenses, but at the same time, by being constantly on the front foot, we can thwart would-be attackers.”

The Marriott breach shows that there’s still work to do to improve cybersecurity, including at a global enterprise level, Pepper said. This requires both MSSPs and cybersecurity providers to take a holistic view of a organization’s defenses, including policies, training and technologies, to “ensure their defenses are robust,” he said.

What’s more, should the worst ever happen and a successful attack takes place, the right systems should be in place to quickly detect and mitigate a breach to render any information unusable to a cybercriminal, he said.

“Cybersecurity providers and their MSSP partners can always do more to help organizations protect their sensitive data — because if we stop innovating, then it won’t be long for cybercriminals to bypass defenses,” he said. “Looking at the Marriott breach, where the attacker had access to the Starwood database since 2014, more needed to be done to detect areas of weakness, especially for systems that contain such incredibly high volumes of personally identifiable information (PII). Providers and MSSPs then need to recommend solutions that can secure this data based on leading-edge technologies that can defend against attacks.” 

The Marriott breach is going to lead to fines and “amazingly huge lawsuits, and that’s probably going to lead to a lot of people with Marriott losing their jobs,” Crockett said.

“And frankly, customers are probably going to change to, at least temporarily, using another competitor that they think is doing a better job of protecting their data,” she said. “These are the real-world dangers now that companies must endure.”

Tags: MSPs Business of Security MSSP Insider Security

Most Recent


  • Momentum
    Microsoft Security Now $20 Billion Business with 'Tremendous Momentum'
    One analyst says there's few legitimate obstacles in its path for further growth.
  • ChatGPT
    Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity
    ChatGPT can make it easier to become a cybercriminal.
  • Employee-person-man going out exit door
    IT Nation Leader Craig Fulton Leaving ConnectWise After 16 Years
    ConnectWise experienced massive growth during Fulton's tenure.
  • Path
    PagerDuty Layoffs to Slash 7% of Workforce in 'Right Path Forward'
    New roles will be created in cost-effective, high-talent geographies over time.

Leave a comment Cancel reply

-or-

Log in with your Channel Futures account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • DevSecOps
    ServiceNow, Microsoft Set to Deliver Broad SecOps Integration
  • Dunce Cap Businessman
    Tired of MSSPs ‘Failing,’ Nuspire Debuts Platform to Combat Cyberattacks
  • Malicious hacker at computer with code
    FragAttacks Wi-Fi Vulnerabilities Pose Widespread Threat to Individuals, Businesses
  • Colonial Pipeline Just the Latest Victim in Darkside Ransomware Crime Spree

Upcoming Events

View all

Channel Partners Conference & Expo

May 1, 2023 - May 4, 2023

Channel Partners Europe

June 13, 2023 - June 14, 2023

Channel Futures Leadership Summit

October 30, 2023 - November 2, 2023

Galleries

View all

Deal to Buy Unify from Atos Seals New Direction for Mitel, CEO Explains

January 26, 2023

Intelisys, Suppliers, Agents Take Aim at the Partner Marketing Gap

January 26, 2023

Ivanti: Everyone Should be Concerned About ChatGPT and Cybersecurity

January 25, 2023

Industry Perspectives

View all

Make the Most of the Gift of Time in 2023

January 25, 2023

Strong Partnerships Ease Challenging UPS Upgrade

January 24, 2023

The Advantages of Managed Networking and Security During Economic Uncertainty

January 5, 2023

Webinars

View all

Next-Generation MSP Platform: The Building Blocks for Your Business

February 15, 2023

Security Secrets of the MSP 501: How to Be a Cyber Leader in 2023

December 15, 2022
  • 1

Cybersecurity Certifications: Their Evolving Role in the Fight Against Increasing Attacks

December 13, 2022

White Papers

View all

Overcoming Your Endpoint Security Limitations with a Skeleton Crew

October 25, 2022

Embracing the Zero Trust Mindset For Endpoints

October 24, 2022

Endpoints are the Destination

October 24, 2022

Channel Futures TV

View all

Coffee with Craig and James Episode 117: Cato Networks, Video Killed the Podcast Stars

Retired Astronaut Capt. Scott Kelly Previews His CP Expo Keynote

December 21, 2022

Fusion Connect Eyes Future with Intrado UC, Managed Network Customers

September 23, 2022

RingCentral Focused on Hybrid Work, Microsoft Teams, Other Integrations

September 23, 2022

Twitter

ChannelFutures

The CEO of @Mitel discusses the likely outcomes of buying @Atos Unify. Note: @RingCentral will play a role post acq… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@msftsecurity surpasses $20 billion in annual revenue, analysts say it's a formidable #cybersecurity market conten… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

The adoption of cloud-based services ☁️ has spiked in the last few years and is among the top growth segments. See… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

[email protected], @NICECXone, @lumencpp, @CiscoPartners joined @IntelisysCorp and partners for a day of marketing worksho… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@IBM and @SAP announce #layoffs of thousands of employees dlvr.it/ShV2VY https://t.co/7QK1YqVpwa

January 26, 2023
ChannelFutures

#MSPs can boost #Channel business if they personalize the #DigitalExperience for partners, says @AvePoint.… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

Consider mental health in the context of DE&I. Create safe spaces where employees can feel comfortable being who th… twitter.com/i/web/status/1…

January 26, 2023
ChannelFutures

.@GoIvanti's CSO says #ChatGPT poses numerous cybersecurity concerns. dlvr.it/ShRmdt https://t.co/n22RZ4PZaO

January 25, 2023

MSP 501

The industry's largest and most comprehensive partner awards program.

Newsletters and Updates

Sign up for The Channel Report, Channel Futures Update, MSP 501 Newsletter and more.

Live Channel Events

Get the latest information on the next industry-leading Channel Partners event.

Galleries

Educational slide shows and images from live events.

Media Kit And Advertising

Want to reach our audience? Access our media kit.

DISCOVER MORE FROM INFORMA TECH

  • Channel Partners Events
  • Telecoms.com
  • MSP 501
  • Black Hat
  • IoT World Today
  • Omdia

WORKING WITH US

  • Contact
  • About Us
  • Advertise
  • Newsletter

FOLLOW Channel Futures ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookie Policy
  • Terms
Copyright © 2023 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X