Security Breach: Assume You Are Compromised
The most important principle in cybersecurity defense that applies to both corporations and individuals is assume you are compromised. Unless you live under a rock, you have heard that Marriott disclosed this week the personal and financial information of 500 million guests of its Starwood hotel properties has been breached. This security breach lasted 4 years, which is 1,460 days of no detection and lack of adopting the thinking that yes, a security breach can happen to you. For any business, you must accept the notion that it is no longer possible to keep the bad guys out of your networks entirely. This doesn’t mean you don’t rely anymore on traditional defense mechanisms.
To defend your security, you must be right 100% of the time. If you are a hacker, you need to be right just once. The odds are stacked against you from the start. To combat this, you must have a complete security strategy. This involves not only focusing on breach prevention, but equally on intrusion detection and response. It starts with the assumption that failing to respond quickly when a hacker gains entry, can go left undetected for days, months or years, and can cost the entire organization dearly. A business must constantly test their own networks and employees for weaknesses, and regularly test their breach response preparedness (much like a fire drill.
Marriott suffered at least one previously unreported hack, including an infection that hit the company’s own cyber-incident response team. And there’s evidence Russian cybercriminals have breached Starwood Web servers. Marriott’s security is now facing probes from multiple government bodies, including the New York Attorney General’s office. European regulators like the U.K. information commissioner, who have the ability to fine companies significant sums with the power of the General Data Protection Regulation (GDPR), are also looking into the incident. Marriott is now facing multiple class action lawsuits as a result of this mega-breach.
What are the lessons that can be learned by this Marriott breach? First, the longer you ignore signs of a problem, the worse the problem will get and more clean up that needs to happen. Second, security breaches come in all different shapes and sizes, and you can never rest on your laurels be protected. Third, there is no such thing as 100% protected, no matter how hard you try, so the best protection is to always assume you are breached and react appropriately. 2W Tech is a full-service IT Consulting firm that specializes in Cybersecurity and Security solutions and can help your business achieve security protection standards and solutions that can help protect your organization the best you can. Give us a call today to learn more.
Microsoft Azure Security, Privacy and Compliance
Interested in reading this article? Click the button below to download this asset.