By David Black
Every business, no matter the size, is at risk of having its data exposed. With Marriott International’s recent security breach, over half a billion guests had their data stolen. The unfortunate reality is that this could have — and should have — been prevented. Before we dive into the negative impacts of this horrific security breach, let’s look at the events that led up to one of the worst breaches in modern history.
The details of how the hack took place have yet to be released, but the problem started four years ago. Basic cybersecurity protocols should have allowed Marriott to isolate the attack before it happened.
In 2015, Marriott acquired Starwood Hotels and Resorts Worldwide. Within the first two months after the acquisition, Starwood reported a data breach that involved the Starwood guest reservation database and a colossal credit card hack from 2014. Their website was also subject to a SQL injection attack. SQL injection is a common attack vector in which malicious code is used to manipulate the back-end database and gain access and administrative rights to sensitive information. Nonetheless, Marriott moved forward with the acquisition knowing the risks.
According to recent reports, the majority of customers affected by this attack had data stolen that included mailing address, name, phone number, passport number, email address, Starwood account information, gender, date of birth, flight information, credit card numbers and their expiration dates.
One of the greatest impacts to your business after a security breach is the toll on your customer loyalty. Sixty-nine percent of consumers feel that businesses do not take customer data security seriously enough and 70 percent said they would stop conducting business with a company following a data breach.
Often, with businesses of all sizes, companies choose to implement inadequate security systems because they feel that it is cheaper than the consequences of a data breach. This couldn’t be further from the truth.
A balance needs to be struck when implementing cybersecurity in your business. The technology to detect, monitor and block potential attacks and unauthorized access to your data exists and is readily available.
Incorporating these tools with advanced processes is necessary to effectively combat attacks against your business. Having an internal or outsourced team of IT professionals who undergo continuous security training is paramount to stay ahead of the ever-evolving state of cybercrime.
Your cybersecurity strategy to combat attacks should include standard services such as a managed firewall, antivirus, security awareness training, vulnerability scanning, security assessments and PCI/HIPAA/GDPR compliance. Your IT professional can help you determine the compliance you need to worry about.
In a small business, the risk is greater than in large corporations when it comes to cybersecurity. The impact on small and medium-sized businesses (SMBs) can be detrimental. It is estimated that over 50 percent of all SMBs in the United States were hacked last year. The average cost to recover from the hack was between $850,000 and $955,000.
In a recent survey, a mere 14 percent of businesses rated their ability to mitigate cyberattacks as highly effective. The reasons given for not being prepared included insufficient staffing (67 percent), insufficient budgeting (54 percent), insufficient technology (44 percent) and lack of security awareness training (39 percent).
Taking the extra steps to ensure your business has the proper level of protection is vital to the success and growth of your business. Cybersecurity is not a one-time investment that can be forgotten about. As cybercrimes evolve and criminals become more efficient and sophisticated in the way they target businesses of all sizes, now is the time to be proactive and secure your network before you become another statistic that could have been prevented.
David Black is the director of business development for Wasatch I.T., a Utah provider of outsourced IT services for small and medium-sized businesses.