Assignment Four - Juan Carlos Maravilla
docx
keyboard_arrow_up
School
California State University, Fresno *
*We aren’t endorsed by this school
Course
MISC
Subject
Information Systems
Date
Dec 6, 2023
Type
docx
Pages
4
Uploaded by CaptainGooseMaster773
Juan Carlos Maravilla
Professor Zakaria
MIS 101 - 04
1 December 2023
Assignment Four: Root Cause Analysis – Network Attacks
Unauthorized access is when a person gains entry to a computer network, application
software, system, data, or any other resources without authorization. Common reasons for
unauthorized access include stealing sensitive data, causing damage, and holding data hostage
through a ransomware attack. A CVE Record example of this is the Jura Internet Connection Kit
for the Jura Impressa F90 coffee maker, which allowed remote attackers to cause a service crash
and execute arbitrary code through unspecified vectors due to the multiple buffer overflows.
There was also a case with ZyXEL in which routers had a minimum password length for their
administration account that was too small, which therefore made it easier for remote attackers to
gain access by guessing the small passwords that were set up.
Marriott was a company that fell victim to unauthorized access back in January 2020.
Hackers abused a thrid-party application that Marriott used to provide guest services. The attack
helped the hackers gain access to 5.2 million records of Marriott guests. The records included
sensitive information such as passport data, contact information, gender, birthdays, and loyalty
account details. The malicious activity was discovered a month later in February 2020 by
Marriott’s security team when they noticed the suspicious activity and sealed the whole breach
immediately. Marriott remediated their network soon after the discovery of the breach and had
the needed technical resources to do so. In response to the issue, Marriott contacted guests whose
details may have been taken through email and launched a website dedicated to those who were
affected. Attackers first started this breach by compromising the credentials of two Marriott
employees to log in to one of the hotel chain’s third-party applications. For two months,
Marriott’s cybersecurity team failed to notice the suspicious activity that was occurring through
these employees’ profiles. Marriott did not have third-party vendor monitoring along with user
and entity behavior analytics in place, which led to unauthorized access by the remote attackers.
This points toward the issues of the situation being more technical than managerial. This of
course damaged Marriott’s reputation as a respectable and reliable hotel chain, since guests
would now think about this breach whenever considering residing at any location, fearing
something similar could occur again. After failing to comply with General Data Protection
Regulation (GDPR) requirements, Marriott had to pay a $23 million dollar fine. After affecting
almost 339 million hotel guests, Marriott most likely lost many potential customers.
It is surprising to see a huge and notable hotel chain like Marriott dealing with a
significant data breach (for the second time!). I would have believed that their cybersecurity
system was stronger since they are such a huge hotel company with so many locations. If I were
the business systems analyst for Marriott, I would first make sure to establish a third-party
monitoring system to prevent any future similar breaches. I would also put user and entity
behavior analytics in place. There would also have to be a development of a security-centric
culture, since this would help protect data from remote attackers, no matter where the data
resides. Staying updated on anything that needs upgrading security wise would also be
important, keeping the company one step ahead of all remote hackers. I would enforce the use of
encryption for the viewing, exchanging, and storing of all sensitive information. Access to
systems and data would be limited to certain people and only be used on certain times whenever
needed. Company data would be backed up and stored correctly according to data governance
policies. Finally, I would enforce the use of unique passwords of a great length to make it more
difficult if any remote attacker were to even attack.
Your preview ends here
Eager to read complete document? Join bartleby learn and gain access to the full version
- Access to all documents
- Unlimited textbook solutions
- 24/7 expert homework help
Works Cited
CVE
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=hacking
Marriott Data Breach 2020: 5.2 Million Guest Records Were Stolen
https://www.loginradius.com/blog/identity/marriott-data-breach-2020/