Marriott Breach: Advanced Technology Could Lower Risk

  • Written by Edward Gately
  • December 4, 2018
Constant innovation is needed to fight cybercriminals.

Two massive data breaches reported within the past week are likely to have massive repercussions for both the companies involved and those whose personal information has been stolen.

Marriott last week confirmed the personal information of up to 500 million guests may have been stolen after its reservations database was hacked, and information sharing website Quora announced a data breach that exposed about 100 million users’ personal data.

Sophos’ Erin Malone

Erin Malone, Sophos’ vice president of sales in North America and Sophos’ Partner Advisory Council leader, tells us Marriott’s data breach has put more than consumers’ data at risk. Sensitive corporate data belonging to business travelers is now also at risk and could be used by cybercriminals for other nefarious activity, such as gaining access to company networks or launching lucrative phishing campaigns, she said.

“The potential consequences of this breach should serve as a reminder that even with the best security practices, businesses of all sizes are still vulnerable to data breaches through employee and third-party breaches,” she said. “As such, partners need to be working with all of their customers to ensure they have comprehensive, layered security solutions in place to prevent advanced threats from exposing customer records and detailed personal or employee information.”

Daryl Crockett, president and CEO of ValidDatum, which provides data-related project management and services, including data privacy and security, and General Data Protection Regulation (GDPR) compliance, tells us most companies are securing their data with encryption technology, monitoring for repeated log-in attempts and using some sort of role-based permissions, and second- and third-party authentication for mobile users.

ValidDatum’s Daryl Crockett

“But what they fail to do and what they really need to start doing is not keeping data in mass chunks on their systems,” she said. “They need to use a technique called tokenization or micro-tokenization. That takes the data, the very personal parts of the data, and swaps it out for a token, and it takes that real data and it puts it someplace else, it encrypts it there and then shreds it and spreads it over a number of places. So when the crooks go into these databases, what they’ll find is data that’s not there, that they can’t read, that’s not real data.”

And when the data is needed, it’s essentially one transaction at a time, Crockett said.

“When somebody logs in and they want to come to the front desk, that single record gets pulled up, it gets swapped back for the real data, and that single record is exposed while they’re going through the transaction to log in or make a reservation, or check in at the front desk,” she said. “And then as soon as they are done with that transaction, it goes back through, gets re-tokenized with a different token number and off that data goes. That’s what businesses have to start doing and it is overwhelming.”
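The tokenize, single-record lookup and re-tokenize cycle Crockett describes can be sketched as follows. This is an added example, not code from the article or from ValidDatum; `TokenVault`, `run_transaction` and the sample passport value are constructed for illustration, and a simple XOR split across three in-memory stores stands in for the encrypt, shred and spread step.

```python
import secrets

class TokenVault:
    """Constructed sketch: sensitive values are XOR-split across separate stores."""

    def __init__(self, n_stores=3):
        # Each dict stands in for an independent storage location.
        self.stores = [{} for _ in range(n_stores)]

    @staticmethod
    def _xor(a, b):
        return bytes(x ^ y for x, y in zip(a, b))

    def tokenize(self, value):
        data = value.encode()
        token = "tok_" + secrets.token_hex(16)   # random, unrelated to the value
        last = data
        for store in self.stores[:-1]:
            share = secrets.token_bytes(len(data))
            store[token] = share
            last = self._xor(last, share)
        self.stores[-1][token] = last            # every share is needed to rebuild
        return token

    def detokenize(self, token):
        shares = [store[token] for store in self.stores]  # KeyError if unknown
        data = shares[0]
        for share in shares[1:]:
            data = self._xor(data, share)
        return data.decode()

    def retire(self, token):
        # Remove the old token's shares from every store.
        for store in self.stores:
            del store[token]


def run_transaction(vault, row, field, action):
    """Expose one record's real value for one action, then rotate its token."""
    old = row[field]
    value = vault.detokenize(old)
    try:
        return action(value)
    finally:
        vault.retire(old)
        row[field] = vault.tokenize(value)       # new token for the same value
```

The application database row only ever holds the token, so a dump of that table yields no readable personal data, and a token copied before a transaction stops resolving once the record has been re-tokenized.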

Businesses that are building their software and systems with data privacy and data security from the beginning are not going to have this problem, Crockett said. But legacy businesses like Marriott have to go through this retooling process, she said.

“They’re not thinking about going through and doing it the right way, they’re just trying to put locks on the front door in hopes that nobody drops through the ceiling or sneaks in, or maybe an employee that gets access to these large data banks,” Crockett said. “So that’s really what’s ahead and that’s really the most secure way, and I really do believe you’re going to start to see companies bite the bullet and realize they have to make these fundamental changes, and start to really not secure the data, but obscure the data.”

Egress Software Technologies’ Tony Pepper

Tony Pepper, CEO of Egress Software Technologies, tells us the Marriott breach “clearly enters and surpasses the mega breach parameter,” and using figures from Ponemon Institute’s Cost of a Data Breach study, these types of breaches are projected to cost companies $40 million to $350 million.

“Cybersecurity is continuously evolving — as defenses get more sophisticated, so do the attacks to get around them (and vice versa),” he said. “This double-edged sword is both a challenge and an opportunity to the security community. It means that we need to be constantly innovating and looking to emerging technologies to enhance defenses, but at the same time, by being constantly on the front foot, we can thwart would-be attackers.”

The Marriott breach shows that there’s still work to do to improve cybersecurity, including at a global enterprise level, Pepper said. This requires both MSSPs and cybersecurity providers to take a holistic view of an organization’s defenses, including policies, training and technologies, to “ensure their defenses are robust,” he said.

What’s more, should the worst ever happen and a successful attack takes place, the right systems should be in place to quickly detect and mitigate a breach to render any information unusable to a cybercriminal, he said.

“Cybersecurity providers and their MSSP partners can always do more to help organizations protect their sensitive data — because if we stop innovating, then it won’t be long for cybercriminals to bypass defenses,” he said. “Looking at the Marriott breach, where the attacker had access to the Starwood database since 2014, more needed to be done to detect areas of weakness, especially for systems that contain such incredibly high volumes of personally identifiable information (PII). Providers and MSSPs then need to recommend solutions that can secure this data based on leading-edge technologies that can defend against attacks.” 

The Marriott breach is going to lead to fines and “amazingly huge lawsuits, and that’s probably going to lead to a lot of people with Marriott losing their jobs,” Crockett said.

“And frankly, customers are probably going to change to, at least temporarily, using another competitor that they think is doing a better job of protecting their data,” she said. “These are the real-world dangers now that companies must endure.”
