IFSM 304 Week 4 Discussion
Despite being one of the most prominent organizations in the world, Marriott International has come under sharp criticism due to a series of data breaches. For the last 8 years, the hospitality company has been constantly dealing with cybersecurity issues related to breaches of users' data. In June 2022, Marriott International experienced a massive data breach for a third time.
According to Powell (2022), this was “its third major data breach of the past eight years as hackers gained access to one of its customer databases” (para. 1). In the breach, at least 300 guests had their data affected. Though affirming the attacker did not succeed in accessing Marriott’s core network, Marriott spokesperson Melissa Froehlich Flood said they “used social engineering to trick one associate at a single Marriott hotel into providing access to the associate’s computer” (para. 4).
I recommend the following best practices to ensure that Marriott’s series of data breaches does not occur again. Marriott should hire top talent in cybersecurity to create new mitigation strategies and tools to prevent the occurrence of such attacks in the future. Since the latest attack used social engineering techniques, Marriott should use zero-trust network access and apply the principle of least privilege. Besides, it should implement robust cybersecurity programs such as encryption technologies, multifactor authentication, alerting tools, data monitoring, and a stringent password policy (Salido, 2010).
It can be inferred that the latest attack could have occurred due to a potential lack of employee training on how social engineering attacks work. Therefore, social engineering awareness training is necessary to minimize the chances of any future social engineering attacks. Furthermore, Marriott should maintain strong integrity and transparency with its stakeholders. It should have a process in place to notify regulatory authorities and affected users as fast as possible. This entails reminding visitors to take responsibility for their personal security by considering what private information they share with hospitality companies (Salido, 2010). At the same time, a comprehensive response plan will enable Marriott’s employees to evaluate the extent of the breach and make swift decisions. This will minimize the extent of data breaches and restore public trust (Straub, 2021).
References: