If you’ve stayed at any of the 102 New Jersey Marriot hotels between 2014 and today, chances are that a hacker has your personal information. If you were tweeting on Twitter in the early months of this year, your password (and subsequent access to your data) might have been hanging out in unprotected plaintext on an internal log for months. These are just two 2018 examples of how lax or neglected data security practices can compromise not just consumer data, but also the existence of the companies that fail to protect it.
Marriot Misses the Security Mark
Early Friday morning, November 30, Marriot Hotels announced that its Starwood Hotels affiliate had suffered a data breach which stole the personal information of approximately 500 million hotel guests. In its report filed with the Securities and Exchange Commission, the world’s largest hotel chain acknowledged that, while it had discovered the hack September 8th of this year, the vulnerability has probably been in existence since 2014. During that time, the cyberthieves have had access to:
- The reservations data of 500 million Starwood Hotels guests;
- The personally identifiable information (PII) of 327 million of those guests, including some combination of names, addresses, phone numbers, emails, passport numbers, payment card information, and
- Potentially, the encryption components that are needed to decrypt those payment card numbers. If those decryption tools are gone along with the encrypted card numbers, then there’s a reason to believe that those thieves are now hacking those payment card accounts.
Twitter Leaves Users Twisting
Twitter may have avoided a similar disaster but not for lack of trying. While no criminal hacking was apparently involved, the social media behemoth reported that it had inadvertently stored user passwords in an unprotected log, which would have been vulnerable to exploitation, assuming the wrong person found out about it. The error report was filed in May 2018, and, so far, no one has reported any damage that it may have caused.
Two Errors; Common Problems
The disparate errors by Marriott and Twitter are examples of different but equally concerning data management failures: intentional theft and inadvertent exposure.
- With a deliberate theft, a nefarious entity specifically targets both the victim and the data. These thefts are difficult to defend against when the method used is new and unknown. However, once cybersleuths reveal the methodology of such a cybercrime, cybersecurity professionals can program in protections to prevent it from happening again.
- An unintentional gap in security is equally hard to defend against since there are usually many people and programs in which it can develop. One way to reduce the risk of an inadvertent security lapse is to run continuous testing of security systems to find gaps or failures.
Both the Marriot and Twitter data security failures also point out one glaring reality: even the biggest and best in their industries are frequently not able to properly manage or secure their data. Further, if these two megacorporations can’t keep their information properly safe from prying eyes, how can a small business expect to accomplish that feat? The short answer: most small and medium-sized businesses can’t achieve that goal so they turn to a trusted managed IT services provider to maintain their security perimeters for them.
Managed IT Security Services
Outsourcing IT security duties makes sense for any company that doesn’t itself specialize in IT security. Today’s cybercrime landscape is rife with emerging threats and maintaining a secure data perimeter requires constant vigilance. Most companies are too focused on their core functions to expend the resources needed to keep that vigilance up to par. The managed IT security provider, however, offers both the tools and expertise needed for this very specific job and is continually adding tools as cyber concerns develop.
If the unfortunate data breach cases of Marriot and Twitter raise your concerns about the security of your corporate data, contact Techwerxe today.
