{"id":4007,"date":"2018-11-30T11:59:08","date_gmt":"2018-11-30T15:59:08","guid":{"rendered":"https:\/\/solutionsreview.com\/identity-management\/?p=4007"},"modified":"2018-11-30T11:59:08","modified_gmt":"2018-11-30T15:59:08","slug":"4-security-expert-perspectives-marriott-breach","status":"publish","type":"post","link":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/","title":{"rendered":"4 Security Expert Perspectives on the Marriott Breach"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-2993\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\" alt=\"4 Security Expert Perspectives on the Marriott Breach\" width=\"800\" height=\"400\" srcset=\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg 800w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-300x150.jpg 300w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-768x384.jpg 768w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-540x270.jpg 540w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-162x81.jpg 162w, https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod-360x180.jpg 360w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Just moments ago, Solutions Review reported on the Marriott breach. Easily one of the most signficant and devastating of all time, the Marriott breach surprised us all. But the question is: what does it all mean? What can enterprises learn from this attack? How can they protect themselves against future breaches of this magnitude? <\/span><\/p>\n<p style=\"text-align: justify\"><div class=\"widget\"><div class=\"aside-card\">\t\t\t<div class=\"textwidget\"><p><a class=\"iam-inject\" href=\"https:\/\/solutionsreview.com\/identity-management\/get-a-free-privilieged-access-management-solutions-buyers-guide\/\" target=\"_blank\" rel=\"noopener\"><img loading=\"lazy\" decoding=\"async\" class=\"alignleft size-full wp-image-1682\" title=\"\" src=\"https:\/\/solutionsreview.com\/identity-management\/files\/2020\/01\/PAM_BG_SB_800.gif\" alt=\"Download Link to Privileged Access Management Buyer's Guide\" width=\"800\" height=\"100\" \/><\/a><\/p>\n<\/div>\n\t\t<\/div><\/div><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">To gain perspective on these question, we got the opinions of 4 security experts on the Marriott breach. Here are their thoughts, edited slightly for readability: <\/span><\/p>\n<p style=\"text-align: justify\"><b>John Gunn, CMO, <\/b><a href=\"https:\/\/www.onespan.com\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #0000ff\">OneSpan<\/span>:<\/b><\/a><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The significance of the Marriott breach is not in the number of records that were compromised, that is relatively small. It\u2019s impact on the victims is much greater than the numbers reveal. It is remarkably easy to request a replacement credit card from your financial institution and you are not responsible for fraudulent activities \u2013 try that with your passport. This may be an emerging trend with hacking organizations, to target large pools of passport data. Stolen passports sell for a magnitude more that stolen credit cards on the dark web.<\/span><\/p>\n<p style=\"text-align: justify\"><b>Michael Magrath, Director, Global Regulations &amp; Standards, <\/b><a href=\"https:\/\/www.onespan.com\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #0000ff\">OneSpan<\/span>: <\/b><\/a><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">The vast stores of personally identifiable data on the Dark Web continues to grow at historic rates, and fraudsters have rich resources with which to steal identities or create new, synthetic identities using a combination of real and made-up information, or entirely fictitious information. For example, the personal data obtained in one breach could be crossed referenced with data obtained from another breach and other widely publicized private sector breaches, and the Marriott breach only makes their task that much easier and more likely to succeed. \u00a0Having the databases in the same place makes things even easier for the bad guys.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Cyber attacks such as Marriott&#8217;s will continue and it is imperative that public and private sector organizations not only deploy the latest in authentication and risk based fraud detection technologies in their organizations, but also making sure all third party partners have equal cybersecurity measures in place. \u00a0\u00a0\u00a0<\/span><\/p>\n<p style=\"text-align: justify\"><b>Gary Roboff, Senior Advisor, <\/b><a href=\"https:\/\/www.santa-fe-group.com\/\" target=\"_blank\" rel=\"noopener\"><b><span style=\"color: #0000ff\">the Santa Fe Group<\/span>:<\/b><\/a><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">How could a breach like this continue for 4 years? <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">If encryption keys were compromised and payment data was in fact exposed, this could indicate that stolen credentials were released at an exceptionally slow release rate versus a \u201cmass data dump exfiltration event\u201d in order to make it harder for fraud and security teams to identify the kinds of patterns that would normally indicate a point of compromise. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">While we don\u2019t fully understand what happened at Starwood and Marriott, basic security hygiene requires extraordinary attention to detail and diligence. In 2014, a JP Morgan Chase hack exposed 76 million households. A single neglected server that was not protected by a dual password scheme was the last line of defense standing between the hacker and the exposed data. If diligence isn\u2019t constant and systematic, the potential for compromise, with all that implies, increases significantly<\/span><\/p>\n<p style=\"text-align: justify\"><b>Bimal Gandhi, Chief Executive Officer, <\/b><span style=\"color: #0000ff\"><a style=\"color: #0000ff\" href=\"https:\/\/www.uniken.com\/\" target=\"_blank\" rel=\"noopener\"><b>Uniken<\/b><\/a><\/span><b>: <\/b><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Events like this Marriott Starwood breach underscore the sheer folly of continued reliance on outdated security methods such as using PII in authentication, given the sheer proliferation of stolen and leaked PII now available on the Dark Web.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Every piece of customer information that a company holds represents a potential point of attack, and each time a partner or agent accesses it, that becomes a potential attack point as well. Hotels, hospitality companies, banks and eCommerce entities are all moving to newer ways to enable customers <a href=\"https:\/\/solutionsreview.com\/identity-management\/comparing-three-authorization-protocols-ubisecure-saml-vs-oauth-2-0-vs-openid-connect\/\" target=\"_blank\" rel=\"noopener\">authenticate<\/a> themselves across channels, without requiring any PII.<\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Customer-facing commerce and financial institutions seeking to thwart credential stuffing are increasingly seeking to migrate beyond PII <a href=\"https:\/\/solutionsreview.com\/identity-management\/contextual-multifactor-authentication-ping-identity\/\" target=\"_blank\" rel=\"noopener\">authentication<\/a> to more advanced methods that do not require the user to know, manufacture or receive and manually enter a verification factor, in order to eliminate the ability for bad actors to guess, phish, credential-stuff, socially engineer, mimic or capture their way into the network. <\/span><\/p>\n<p style=\"text-align: justify\"><span style=\"font-weight: 400\">Invisible multifactor authentication solutions that rely on cryptographic key based <a href=\"https:\/\/solutionsreview.com\/identity-management\/improving-biometric-authentication-success-enterprise\/\" target=\"_blank\" rel=\"noopener\">authentication<\/a> combined with device, environmental and behavioral technologies provide just such a solution. By their very nature they are easy to use, issued and leveraged invisibly to the user, remove human error, and defy credential stuffing and other common attacks.<\/span><\/p>\n<p style=\"text-align: justify\"><br \/>Widget not in any sidebars<br \/><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Just moments ago, Solutions Review reported on the Marriott breach. Easily one of the most signficant and devastating of all time, the Marriott breach surprised us all. But the question is: what does it all mean? What can enterprises learn from this attack? How can they protect themselves against future breaches of this magnitude? To [&hellip;]<\/p>\n","protected":false},"author":41,"featured_media":2993,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"footnotes":""},"categories":[5],"tags":[142,125,16,11,112,530,404,76,70,921,922,30,908,91,90,25,919,754],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>4 Security Expert Perspectives on the Marriott Breach<\/title>\n<meta name=\"description\" content=\"We got the opinions of 4 security experts on the Marriott breach, easily one of the most significant and devastating in history.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Ben Canner\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/\",\"name\":\"4 Security Expert Perspectives on the Marriott Breach\",\"isPartOf\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"datePublished\":\"2018-11-30T15:59:08+00:00\",\"dateModified\":\"2018-11-30T15:59:08+00:00\",\"author\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\"},\"description\":\"We got the opinions of 4 security experts on the Marriott breach, easily one of the most significant and devastating in history.\",\"breadcrumb\":{\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"contentUrl\":\"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg\",\"width\":800,\"height\":400,\"caption\":\"Insider Threat Awareness Month 2020: The Experts Comment\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/solutionsreview.com\/identity-management\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"4 Security Expert Perspectives on the Marriott Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#website\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/\",\"name\":\"Identity and Access Management Solutions | Solutions Review\",\"description\":\"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541\",\"name\":\"Ben Canner\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g\",\"caption\":\"Ben Canner\"},\"description\":\"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.\",\"url\":\"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"4 Security Expert Perspectives on the Marriott Breach","description":"We got the opinions of 4 security experts on the Marriott breach, easily one of the most significant and devastating in history.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/","twitter_misc":{"Written by":"Ben Canner","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/","url":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/","name":"4 Security Expert Perspectives on the Marriott Breach","isPartOf":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#website"},"primaryImageOfPage":{"@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage"},"image":{"@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","datePublished":"2018-11-30T15:59:08+00:00","dateModified":"2018-11-30T15:59:08+00:00","author":{"@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541"},"description":"We got the opinions of 4 security experts on the Marriott breach, easily one of the most significant and devastating in history.","breadcrumb":{"@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#primaryimage","url":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","contentUrl":"https:\/\/solutionsreview.com\/identity-management\/files\/2018\/07\/IAM-CEO-mod.jpg","width":800,"height":400,"caption":"Insider Threat Awareness Month 2020: The Experts Comment"},{"@type":"BreadcrumbList","@id":"https:\/\/solutionsreview.com\/identity-management\/4-security-expert-perspectives-marriott-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/solutionsreview.com\/identity-management\/"},{"@type":"ListItem","position":2,"name":"4 Security Expert Perspectives on the Marriott Breach"}]},{"@type":"WebSite","@id":"https:\/\/solutionsreview.com\/identity-management\/#website","url":"https:\/\/solutionsreview.com\/identity-management\/","name":"Identity and Access Management Solutions | Solutions Review","description":"Evaluating Enterprise IAM Software, Identity Governance &amp; Access Control Tools.","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/solutionsreview.com\/identity-management\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/357f925262827fcf840b4341920a1541","name":"Ben Canner","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/solutionsreview.com\/identity-management\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/63f68345052a446ce0cc9c802dd3f373?s=96&d=mm&r=g","caption":"Ben Canner"},"description":"Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.","url":"https:\/\/solutionsreview.com\/identity-management\/author\/bcanner\/"}]}},"_links":{"self":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4007"}],"collection":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/users\/41"}],"replies":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/comments?post=4007"}],"version-history":[{"count":0,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/posts\/4007\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media\/2993"}],"wp:attachment":[{"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/media?parent=4007"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/categories?post=4007"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/solutionsreview.com\/identity-management\/wp-json\/wp\/v2\/tags?post=4007"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}