Cyber Crime Prevention
Marriott International, one of the best organizations in the hotel industry, suffered a new cyberattack that revealed the personal details of 5.2 million guests. This is the second data breach at the organization, following the earlier cyberattack in 2018. The data breach is believed to have begun in mid-January 2020 and was only discovered at the end of February, when the organization identified that the network of an unspecified hotel chain had been hacked. It was also believed that the hackers responsible for the data breach had access to the login credentials of two employees of the organization who may have had access to the personal details of guests. From that reasoning, the organization believed the data breach had started as early as mid-January.
Using the login credentials, the hackers managed to access personal details that include telephone numbers, names, birthdates, language preferences, and loyalty account numbers. The organization stated clearly that the hack did not involve details such as Marriott Bonvoy account passwords and PINs, payment card details, driver's license numbers, passport information, and national IDs. This data breach happened less than two years after the previous attack, which involved the organization's subsidiary, Starwood. That data breach affected over 500 million guests. Therefore, the organization can be termed careless for committing an honest mistake, as it should have learned from the first attack and upgraded its cybersecurity. This is a wake-up call for organizations across the hospitality industry to be vigilant and know better concerning their cybersecurity. What, generally, could the organization have done to prevent the data breach and perhaps mitigate its impact?
The organization needs to understand the various ways in which a data breach can be carried out. An innocent mistake can lead to a data breach, which causes real damage when an unauthorized person manages to access and steal personally identifiable information and other corporate intellectual data for malicious reasons or financial gain. Hackers follow a basic pattern and data breach plan that begins with identifying a weak point in the cybersecurity of the organization. A weak point may arise from a missing or failed update, or from susceptible, reckless employees of the organization. The employees targeted must hold the level of security access required for the hackers to perform a successful data breach. The hackers then develop a plan to get inside the organization, either through direct entry on the network or by inducing an insider to download malware.
The organization should address the following weak points that lead to data breaches. It should first limit the number of stolen credentials. Stolen and weak credentials are the cause of the vast majority of data breaches. When hackers can access and use a username and password combination, they open a dangerous gateway into the network. Therefore, the employees of the organization should not reuse passwords and should set up strong password combinations to make them harder for hackers to bypass. The organization should have protected the credentials of authorized personnel from theft and campaigned for the creation of strong username and password combinations.
The organization should have conducted regular, scheduled updates of its security software to avoid weak points that could be exploited by hackers. Updated security software carries the definitions of new and potential malware and sufficient security measures to counter malware attacks that attempt to access the organization's network. The organization should maintain regular risk assessments that focus on the vulnerability of its cybersecurity and data protection. The assessment should be exhaustive, checking all aspects for data breach risks, including the organization's data storage and all remote access points for employees. The risk assessment also involves renewing and enforcing adequate cybersecurity procedures and policies.
The organization must demand high data protection standards from vendors and partners. It must evaluate the security implications of trusting software vendors and partners with organization and customer details. In the given situation, Marriott International utilizes its own cybersecurity systems, acquired through the acquisition of Starwood. Therefore, it is most important to maintain and increase the security and relevance levels of the systems available. High data protection standards must be demanded from all partners and vendors of data protection hardware and software.
Stolen and weak credentials are one of the potential causes of a cyberattack and significantly expose the cybersecurity system to hackers. The organization must monitor and block reported stolen credentials. The security systems must recognize and forbid the use of reported stolen credentials. Therefore, the organization must require all members who lose their credentials, or have reason to believe their credentials have been compromised, to report to the cybersecurity personnel so that activity can be monitored. The organization must enforce the use of strong credentials, which involves making complex but understandable combinations of usernames and passwords for more security. Multifactor authentication should be incorporated with the credentials to offer an extra layer of protection. Multifactor authentication requires login credentials to be integrated with two or more login features unique to the authorized user.
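The two controls described above, blocking credentials that have been reported stolen and requiring a second factor, can be combined in one login check. The following Python sketch is an added example, not code from the original essay or from Marriott; the account name, password, `USERS` store and `reported_stolen` set are constructed for illustration, and the second factor is a standard RFC 6238 time-based one-time code.

```python
import hashlib
import hmac
import struct

def totp(secret: bytes, at: float, step: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP (HMAC-SHA1): the one-time code valid for time `at`."""
    counter = struct.pack(">Q", int(max(at, 0) // step))
    digest = hmac.new(secret, counter, hashlib.sha1).digest()
    offset = digest[-1] & 0x0F  # dynamic truncation, RFC 4226 section 5.3
    value = struct.unpack(">I", digest[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)

def hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

# Constructed sample account; a real system loads these from its identity store.
USERS = {
    "frontdesk1": {
        "salt": b"constructed-salt",
        "pw_hash": hash_password("correct horse battery staple", b"constructed-salt"),
        "totp_secret": b"12345678901234567890",  # RFC 6238 test secret
    }
}

def login_decision(user, password, otp, now, users, reported_stolen):
    """Return an audit-log reason; the user only ever sees allow or deny."""
    record = users.get(user)
    if record is None:
        return "deny:unknown-account"
    # Credentials reported lost or stolen stay blocked until they are reset,
    # even when the password and one-time code are both correct.
    if user in reported_stolen:
        return "deny:reported-compromised"
    candidate = hash_password(password, record["salt"])
    if not hmac.compare_digest(candidate, record["pw_hash"]):
        return "deny:password"
    # Second factor: accept the current 30-second window and one on each side.
    windows = (now - 30, now, now + 30)
    if not any(hmac.compare_digest(totp(record["totp_secret"], t), otp) for t in windows):
        return "deny:mfa"
    return "allow"

if __name__ == "__main__":
    print(login_decision("frontdesk1", "correct horse battery staple",
                         "287082", 59, USERS, set()))
```

A stolen password alone ends in `deny:mfa`, and a reported account is refused even with both factors, which is the layering the paragraph argues for.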
The organization should consider encrypting personal details and backing up data to the cloud. Encryption increases the security of private and personal data by using unique codes that hide the data from unauthorized reads. These security measures are important and complement other security measures, as they keep data safe from hackers who manage to bypass the firewall and other defenses. All personal details collected by the organization should be encrypted to protect them from access and possession by unauthorized agents and corporations.
In conclusion, the Marriott International breach of personal data could have been prevented. The organization needs to be more vigilant in its security measures and its regular risk assessments to prevent any future cyberattacks. The effects of the cyberattack could have been reduced by increasing awareness of stronger credentials and by integrating multifactor authentication to strengthen the credentials. Any lost or stolen credentials must be reported and monitored to prevent their exploitation by malicious and unauthorized persons. Data encryption and backup are essential in preventing access to and use of the stolen credentials and personal data stored within the organization. The measures discussed are part of risk management and are meant to prevent and lessen the impact of a cyberattack on an organization.

