Ratti Otters Cybersecurity - Marriott Data Breach Problem ✓ Solved

Ratti Otters Cybersecurity - Marriott Data Breach The Problem

The issue at hand regards cyber-attacks within the private sector. Data is becoming increasingly valuable and emerging technologies are allowing businesses to collect more data than ever. Even though a substantial amount of this data collection is necessary or essential to business operations, private businesses must be held accountable for the data they possess and follow preventative measures to mitigate any future data breaches. Marriott has experienced two data breaches within the last two years and consequently faces a damaged reputation and decreased business due to consumers’ loss of privacy, reduced faith in business, and risk of having their personally identifiable information (PPI) stolen and misused. Data security instances such as these should communicate to companies that customer data is part of the revenue center, not the cost center.

Better security not only prevents breaches but also builds trust with the business’s customer base which in turn generates more revenue. Businesses need to see data as not just an asset, but a liability if it is not protected. In February 2020, it was discovered that login credentials of two Marriott employees were compromised, allowing hackers into Marriott’s loyalty program database. This breach took personal details of 5.2 million loyalty members, including names, email addresses, mailing addresses, phone numbers, dates of birth, gender, language preferences, and room preferences.

Marriott responded to the breach by contacting affected guests and launching a website that offered monitoring for those whose information could be compromised. However, the company faced severe repercussions, including a fine of over $24 million for a separate incident occurring in 2018. Security experts noted that basic cybersecurity practices, such as two-factor authentication and consistent monitoring of user accounts, could have potentially mitigated these incidents. Unfortunately, cybersecurity experts criticized Marriott for failing to implement fundamental security practices effectively.

Background of Marriott Data Breaches

The 2018 Marriott data breach, which had ongoing data access since 2014, compromised the sensitive information of up to 500 million people. Hackers accessed personal names, addresses, phone numbers, email addresses, passport numbers, and some credit card information. The nature of this breach was linked to a sophisticated hacking effort likely associated with Chinese intelligence. This was not an isolated incident, as Marriott suffered three significant cyber-attacks over 18 months, highlighting concerns about their cybersecurity posture.

Stakeholders Involved

The primary stakeholders include Marriott Hotels, which must ensure customer security while operating their business profitably, and users of the Marriott loyalty program, who have varying levels of knowledge regarding data privacy and security. Additionally, malicious hackers represent significant threats, while secondary stakeholders like data security firms and government entities play essential roles in protecting and regulating data security.

Policy Alternatives

Several policy alternatives can help mitigate future breaches. These options include hiring third-party security services, enhancing internal security training, and enacting uniform data protection policies similar to the General Data Protection Regulation (GDPR). Each alternative carries distinct strengths and weaknesses. For instance, while third-party services can offer advanced protection through penetration testing, they can also come with high costs. Internal training may be cost-effective, yet may lack the effectiveness necessary for substantial security improvements.

Implementation Steps

To effectively implement one of these solutions, it is critical to establish clear goals, assign responsibility for overseeing security measures, and conduct thorough risk assessments to identify vulnerabilities. A budget must also be allocated for security programs, with a projected initial cost of around $650,000 for effectively securing Marriott's systems. Regular evaluations of data breach incidents, user feedback, and overall company performance will determine the policy’s success.

Projected Impact

Improving data security will likely enhance consumer trust, thereby increasing participation in the loyalty program along with positive business performance. Tracking regular and new user enrollment in the loyalty program, consumer satisfaction surveys, and reduced frequency of breaches will serve as measures of success for the implemented policies. A focus on ongoing evaluation will allow Marriott to adapt to the changing cybersecurity landscape and continuously strengthen their data protection efforts.

Conclusion

The Marriott data breaches serve as a critical reminder of the importance of robust cybersecurity strategies. As the digital landscape continues to evolve, businesses must recognize the significance of data security not only as a legal requirement but as a vital aspect of customer trust and business success. With the implementation of effective policies and security measures, companies like Marriott can work to safeguard their reputation while protecting their customers’ vital information.

References

• Fruhlinger, Josh. “Marriott Data Breach FAQ: How Did It Happen and What Was the Impact?” CSO Online, CSO, 12 Feb. 2020.
• “How Much Does Cyber Security Cost? Common Cyber Security Expenses & Fees.” Proven Data, 3 Dec. 2020.
• Irmax, et al. “Marriott Data Breach 2020: 5.2 Million Guest Records Were Stolen.” Security Boulevard, 13 Apr. 2020.
• “Marriott Discloses Data Breach Affecting Around 5.2 Million Guests.” Cruise Guide, 31 Mar. 2020.
• Wikipedia. “Marriott International.” Wikimedia Foundation, 4 Dec. 2020.
• “The Marriott Data Breach.” Consumer Information, 26 Sept. 2019.
• Sanger, David E., et al. "Marriott Data Breach Traced to Chinese Hackers." New York Times, 12 Dec. 2018.
• Uberti, David. "Marriott Reveals Breach that Exposed Data of Up to 5.2 Million Customers." Wall Street Journal, Mar 31, 2020.
• Uberti, David. "Data Breach at Marriott is the Third in 18 Months." Wall Street Journal, Apr 01, 2020.
• Zorz, Zeljka. “Marriott International 2020 Data Breach: 5.2 Million Customers Affected.” Help Net Security, 28 May 2020.