
 

ROUNDTABLE: Massive Marriott breach continues seemingly endless run of successful hacks

By Byron V. Acohido

I have a Yahoo email account; I’ve shopped at Home Depot and Target; my father was in the military and had a security clearance, which included a dossier on his family, archived at the U.S. Office of Personnel Management; I’ve had insurance coverage from Premera Blue Cross; and I’ve stayed at the Marriott Marquis in San Francisco.

Related: Uber hack shows DevOps risk

The common denominator: All of those organizations have now disclosed massive data breaches over a span of the past five years.

On Friday, Starwood Properties, which merged with Marriott in 2016, disclosed that as many as 500 million people who made reservations at their hotels may have had their personal information accessed in a breach that lasted as long as four years.

The Starwood hack appears to come in second in scale only to the 2013 Yahoo breach, which affected as many as 3 billion accounts, while a subsequent Yahoo breach also hit 500 million accounts.

The breach is rightly attracting the attention of regulators in Europe and the United States. Marriott shares fell nearly 6 percent to $114.67 in Friday afternoon trading. Here’s a roundup of reaction from cybersecurity thought leaders: …more

NEW TECH: LogicHub introduces ‘virtualized’ security analysts to help elevate SOAR

By Byron V. Acohido

One of the promising cybersecurity trends that I’ve been keeping an eye on is this: SOAR continues to steadily mature.

Security orchestration, automation and response, or SOAR, is a fledgling security technology stack that first entered the cybersecurity lexicon about six years ago.

Related: Here’s how Capital One lost 100 million customer records

SOAR holds the potential to slow – and, ultimately, to help reverse – the acute and worsening cybersecurity skills shortage. SOAR vendors purport to do this by leveraging automation in more sophisticated ways to help enterprises and MSSPs cull the vast data flows that inundate modern business networks.

One SOAR innovator that has been gaining steady traction is Mountain View, Calif.-based LogicHub. I first spoke to Kumar Saurabh, LogicHub’s co-founder and CEO, not long after the company launched in 2016. Saurabh spent 15 years leading product development at ArcSight, the SIEM management company acquired by HP for $1.5 billion, and later co-founded SumoLogic.

Saurabh told me he developed a passion for helping organizations improve the efficiencies of their security operations. And this inspired him to co-found LogicHub. I had the chance to meet with him again at Black Hat 2019 in Las Vegas. He told me about recent breakthroughs LogicHub has made putting smarter tools into the hands of cyber analysts.

For a full drill down on our discussion give a listen to the accompanying podcast. Here are my takeaways:

Skills deficit

Over the past 20 years, enterprises have shelled out small fortunes in order to stock their SOCs with the best firewalls, anti-malware suites, intrusion detection, data loss prevention and sandbox detonators money can buy. But that hasn’t been enough.

Today there exists a widening shortage of security analysts talented and battle-tested enough to make sense of the rising tide of data logs inundating their SIEM systems. This skills deficit has been the top worry of IT pros for several years, according to tech consultancy ESG’s annual survey of IT pros; some 53% of the organizations participating in ESG’s 2018-2019 poll reported a “problematic shortage” of cybersecurity skills. …more

MY TAKE: Six-figure GDPR privacy fines reinforce business case for advanced SIEM, UEBA tools

By Byron V. Acohido

Europe came down hard this summer on British Airways and Marriott for failing to safeguard their customers’ personal data.

The EU slammed the UK airline with a $230 million fine, and then hammered the US hotel chain with a $125 million penalty – the first major fines under the EU’s toughened General Data Protection Regulation, which took effect May 25, 2018.

Related: Will GDPR usher in new age of privacy?

It’s no wonder security analysts toiling in security operations centers (SOCs) are depressed. There’s a widening security skills shortage, the complexity of company networks is going through the roof, cyber attacks continue to intensify and now regulators are breathing down their necks.

More than half of the 554 IT and security pros recently polled by the Ponemon Institute consider their SOCs to be ineffectual and some 66% indicated they are considering quitting their jobs.

I had an evocative discussion about this with Sam Humphries, senior product marketing manager for Exabeam. We spoke at Black Hat USA 2019. Exabeam, which sponsored the Ponemon study, is a San Mateo, Calif.-based supplier of advanced security management systems.

Fortunately, there is a cottage industry of cybersecurity vendors, Exabeam among them, engaged in proactively advancing ways for SOC analysts to extract more timely and actionable threat intelligence from their security information and event management (SIEM) and user and entity behavior analytics (UEBA) systems. For a full drill down on our meeting, give a listen to the accompanying podcast. A few key takeaways:

Sticks & carrots

Poor security practices at British Airways resulted in hackers pilfering credit card information, names, addresses, travel booking details and logins for some 500,000 airline customers. Marriott, meanwhile, failed to notice a breach that persisted for four years, exposing some 339 million customer records, of which about 30 million belonged to European residents.

Under GDPR, Europe has the authority to fine organizations up to 4 percent of their annual global revenue if they violate any European citizen’s privacy rights, for example, by failing to secure their personal data. What’s more, organizations that run afoul of the GDPR’s new data loss reporting requirements could face additional fines up to 2 percent of annual global revenue. …more

GUEST ESSAY: How stealth, persistence allowed Wipro attacker to plunder supply chain

By Chris Gerritz

The recent network breach of Wipro, a prominent outsourcing company based in India, serves as a stunning reminder that digital transformation cuts two ways.

Our rising dependence on business systems that leverage cloud services and the gig economy to accomplish high-velocity innovation has led to a rise in productivity. However, the flip side is that we’ve also created fresh attack vectors at a rapid rate – exposures that are not being adequately addressed.

Related: Marriott suffers massive breach

We now know, thanks to reporting from cybersecurity blogger Brian Krebs, that the Wipro hack was a multi-month intrusion and likely the work of a nation-state backed threat actor. What’s more, the attackers reportedly were able to use Wipro as a jumping off point to infiltrate the networks of at least a dozen of Wipro’s customers.

Wipro issued a media statement, via its Economic Times division, acknowledging “potentially abnormal activity in a few employee accounts on our network due to an advanced phishing campaign . . . Upon learning of the incident, we promptly began an investigation, identified the affected users and took remedial steps to contain and mitigate any potential impact.”

Wipro did not provide many additional details. However, one has to wonder whether, beyond its customers, …more

NEW TECH: DataLocker extends products, services to encrypt data on portable storage devices

By Byron V. Acohido

No matter how reliant we ultimately become on cloud storage and streaming media, it’s hard to imagine consumers ever fully abandoning removable storage devices.

There’s just something about putting your own two hands on a physical device, whether it’s magnetic tape, or a floppy disk, or a CD. Today, it’s more likely to be an external drive, a thumb drive or a flash memory card.

Related: Marriott reports huge data breach

Ever thought about encrypting the data held on a portable storage device? Jay Kim, co-founder and CEO of DataLocker, did.

Launched as a one-man operation in 2007, DataLocker has grown into a leading manufacturer of encrypted external drives, thumb drives, flash drives and self-encrypting, recordable CDs and DVDs.

DataLocker today has 40 employees and last year moved into a larger facility in Overland Park, Kansas, with room to grow. I had the chance at RSA 2019 to visit with Shauna Park, channel manager at DataLocker, to discuss what’s new in the encrypted portable drive space. For a full drill down please listen to the accompanying podcast. Key takeaways:

Protected backup

Even with increased adoption of cloud computing, external storage devices, like USB thumb drives and external hard drives, still have a major role in organizations of all sizes. These drives still serve a purpose, such as transporting data from one computer to another, accessing presentations outside of the office, or as an additional backup solution. …more

MY TAKE: Identity ‘access’ and ‘governance’ tech converge to meet data protection challenges

By Byron V. Acohido

As companies make more extensive use of ever more capable – and complex – digital systems, what has remained constant is the innumerable paths left wide open for threat actors to waltz through.

Related: Applying ‘zero trust’ to managed security services.

So why hasn’t the corporate sector been more effective at locking down access for users? It’s not for lack of trying. I recently discussed this with Chris Curcio, vice-president of channel sales at Optimal IdM, a Tampa, Fla.-based supplier of identity access management (IAM) systems, which recently announced a partnership with Omada, a Copenhagen-based provider of identity governance administration (IGA) solutions.

Curcio walked me through how identity management technologies evolved over the past two decades. He pointed out how they’ve gone through a series of consolidations, including one unfolding right now. I found this historical overview to be quite instructive. It shed light on how we got to this era of companies struggling to secure highly complex networks, housed on-premises and in overlapping public and private clouds, while at the same time striving to optimize the productivity of employees and – increasingly – third-party suppliers and contractors.

Fortunately, the identity management space has attracted and inspired some of the best and brightest tech security innovators and entrepreneurs. And the encouraging news is that the best of them have, once again, begun to seek out alliances in an effort to elevate baseline protections. Here are takeaways from our fascinating discussion:

Access pain points

As this century began, and companies began assembling the early iterations of modern business networks, there was a big need for employees to log into company email systems and business applications. So along came a group of startups supplying “single sign-on” capability – a way for a user to access multiple applications with one set of credentials.

A separate set of startups soon cropped up specifically to handle the provisioning of logon accounts that gave access to multiple systems, and also the de-provisioning of those accounts when a user left the company. It wasn’t too long before the single sign-on suppliers and the provisioning vendors began to merge; most of the leaders were acquired by tech giants like Oracle, IBM, Cisco, CA Enterprises and Sun Microsystems.

Not long afterwards, in about the 2010 time frame, IAM vendors first arrived on the scene, including Optimal IdM, Centrify, Okta and CyberArk, followed by many others. These vendors all spun out of the emergence of a new set of protocols, referred to as federated standards, designed to manage and map user identities across multiple systems. The IAM vendors took single sign-on to the next level, adding multi-factor authentication and other functionalities. …more

MY TAKE: What it takes to beat cybercrime in the age of DX and IoT: personal responsibility

By Byron V. Acohido

Back in 2004, when I co-wrote this USA TODAY cover story about spam-spreading botnets, I recall advising my editor to expect cybersecurity to be a headline-grabbing topic for a year or two more, tops.

Related: A primer on machine-identity exposures

I was wrong. Each year over the past decade-and-a-half, a cause-and-effect pattern has spread more pervasively into the fabric of modern society. Each and every major advance of Internet-centric commerce – from e-tailing and email, to social media and mobile computing, and now on to the Internet of Things – has translated into an exponential expansion of the attack surface available to cybercriminals.

And malicious hackers have taken full advantage – whether they are motivated by criminal profits, backed by nation-state operatives, or simply desirous of bragging rights. Year-in and year-out, criminal innovation has far outpaced the effort on the part of companies and governments to defend their business networks, as well as to preserve the sanctity of our private data.

…more