We just don’t know about it yet.
On November 30, 2018,Marriott Hotel network reported an amazing breach of security. The world’s largest hotel chain said it learned of the breach on September 8. The company said the Marriott hotel network was not affected. “The investigation only identified unauthorized access to the separate Starwood network,” it said. Marriott acquired Starwood Hotels & Resorts Worldwide in 2016.
Dedicated Website
Marriott has set up a dedicated website and call center (877-273-9481) to handle questions concerned people might have about their personal information. If you have made reservations at or used the facility of any of the Starwood Hotels & Resorts in the past year especially, you should find out what damage you might have suffered. The company offers a one year free enrollment in Web Watcher, a monitoring service that alerts to the selling online of personal information. You must enroll for a match to be made and a subsequent alert sent.
LinkedIN Influencer, and CBS News Business Analyst, Jill Schlesinger, provides a helpful article on “What to do,” after such a massive breach. From Jill you will find good practical steps. But a more unique observation that shows the true source of amazement over this breach comes from Benedict Evans in his newsletter (Benedict’s Newsletter). Evans notes that the true source of amazement over this breach is not that it happened. We see these breaches with rather startling frequency. Nor should we be amazed by its size. Other breaches have been as big or bigger. Rather, the amazement should center on the fact that it took 4 years before it was noticed. Now that is amazing!
Amazement
Evans goes on to present a very interesting point of view. Not the view of a novice, by the way. But of someone who researches and reports with regularity on a broad spectrum of technology.
He says, “Marriott’s Starwood business (W, Weston and many other brands) had its database hacked, apparently on an ongoing basis since 2014. 500m people are affected, and for over 300m some combination of data of birth, passport details and home mailing address was compromised. Also possible that credit cards were compromised as well.
“Everything has been hacked – we just don’t know about it yet. Broader point: the threat environment has changed radically, the attack surface area is much larger than many companies understand, and all of this is a major incentive to move to SaaS and the cloud, and to full encryption.”
Discouraging
Really?! That’s not very encouraging. Rather, discouraging. And perhaps pointedly so. The intent of such a viewpoint is perhaps focused on challenging the status quo and creating an atmosphere for true change. Evans went on to say, “…this is a major incentive to move to SaaS and the cloud, and to full encryption.” Not a subtle agenda
SaaS, you recall, is Software as a Service. Not your unique software, unattended and unprotected, unique to your industry. But software from a central provider who is responsible to keep secure access. Same with the cloud. Centralized access to data kept secure by concerted effort. For a price. Full encryption is the icing on the cake. Not an unnecessary icing. But certainly a top layer meant to sweeten the cost of SaaS and Cloud.
Be alert!
The landscape of online data and online computing is changing. The massive shift to making purchases on line demonstrate how valuable the internet is to businesses of all sizes and kinds. But we can see that as more money flows on the internet, more are tempted to gouge the pie and steal some of the goods for themselves. Without proper access. Controlling the access points will provide greater security. But controlling the access points will also bring greater control. How deeply that control will extend into your life is a question that calls for great awareness. Imagine not being allowed to buy or sell anything without ideological conscription. Might be worth knowing about before the fact, not after.
If you are uncomfortable with the level of security at your business, please don’t put off giving Alliant a call. We have an outstanding Cybersecurity Program which will provide layered protection for your data, workstations and network. Call us! (626) 461-1300.