Top 2 IT Security Lessons from 2 Historic Data Breaches
By Kwang Edeker - April 23, 2019
On November 30, 2018, Marriott’s President and Chief Executive Officer issued a statement: “We deeply regret this incident happened. We fell short of what our guests deserve and what we expect of ourselves. We are doing everything we can to support our guests, and using lessons learned to be better moving forward.”
That’s how we learned about the largest corporate security breach in history. If that wasn’t enough, the company admitted that the hackers had been hiding in their system, undetected for years.
Unfortunately, scenes like this seem to be happening more and more. And it can happen to all types of businesses. In 2017, 61 percent of small-to-medium businesses reported being hacked.
The Top Lesson from the Marriott Cyber Attack
The Marriott Hotels data breach was initially estimated at almost 500 million accounts compromised. In 2014, the network of the Starwood Hotels was breached by a cyber-attack. Two years later Starwood Hotels was purchased by Marriott Hotels.
In 2018, Marriott’s internal cybersecurity team found the breach. It had been almost four full years, during which time the hackers had access to over 20 million customer records, including names, addresses, financial information, and even passport numbers.
Security assessments should be a part of every engagement with an outside party. Whether you are working with contractors, inheriting a computer or other technology, or sometimes even dealing with employees, it’s best to assume they’ve already been compromised. Put security first.
The Top Lesson from the Equifax Cyber Attack
In 2017, Equifax announced their network was breached. Almost 150 million US customers were affected. In March of 2017, the system vulnerability was initially found and an update and patch were released. But Equifax didn’t install this specific update and patch, and it left their systems open to attack.
For the next four months, Equifax didn’t see the vulnerability. The patch and update that weren’t installed back in March were needed to detect it. It was during this period that the attackers may have penetrated the network.
It was late June when Equifax finally discovered the problem, but Equifax didn’t cut off the hackers’ access for another month after it was discovered. When they finally plugged the hole, they waited an additional two months before informing the public.
Always keep your computer systems updated and patched. Put policies in place for addressing patches and software updates as they’re released. You also need to perform regular preventative maintenance on your systems, because hackers don’t sleep. Lastly, have a response plan in place.
These two companies had the resources to weather the storm. Smaller businesses may not, but you can learn from their mistakes. Working with a Managed Service Provider with a strong focus on IT security can help keep your business safe. Contact us today to learn more.