Security in Networking
Data breaches have become common in today’s business environment as organizations grow increasingly vulnerable to cyber-attacks. Jain & Ropple (2018) state that many companies and institutions face huge challenges in successfully managing cyber risk despite increased expenditures on network security. Even though some industry standards have been established, they are relatively vague. Additionally, existing solutions for safeguarding companies or institutions against data breaches are not entirely effective. Sophisticated criminal activity has compounded organizations’ vulnerabilities to data breaches and cyber-attacks. This paper examines the recent data breach at Marriott International, a large American hotel chain. The evaluation discusses the existing telecommunication and network practices at the time, what contributed to the breach, and a plan of action to alleviate these factors.
Marriott’s Data Breach and Existing Network Practices
Marriott International suffered what is regarded as one of the biggest corporate data breaches in history. The data breach resulted in the loss of data on 500 million guests, including credit card and passport information (Brewster, 2018). The company admitted that the data breach occurred on its Starwood guest reservation database. In addition to credit card and passport information, the hackers also obtained mailing and email addresses, phone numbers, and payment card numbers with their expiration dates. The stolen data relates to reservations made in the Starwood guest database between 2014 and September 2018. This essentially means that hackers had unauthorized access to the hotels’ network for a period of four years. In its initial report, the company states that the exact data taken by the hackers remains unknown and subject to the findings of ongoing investigations into the data breach. The company seeks to establish exactly what was stolen through its dedicated framework for helping affected guests. In this regard, Marriott established a series of steps to assist guests affected by the data breach, including a dedicated website and call center. The company is also sending email notifications to affected guests and providing them with a free one-year subscription to Webwatcher data security software.
One of the telecommunication and network practices in place at the time of the attack was the encryption of credit card numbers using the Advanced Encryption Standard with a 128-bit key (AES-128). As a result, access to payment card numbers and other guest information requires decrypting the stored data. Marriott reported the possibility that the hackers had also taken what is needed for that decryption, which would undo the protection these practices gave its database. In short, Marriott relied on encrypting customer data, and on the need to decrypt it, as the telecommunication and network practice that would protect its database from unauthorized access.
Factors Resulting in the Security Breach
Sivalingam (2018) reports that the security breach at Marriott can be traced back to 2014, prior to the merger between the company and Starwood hotels. The breach emerged at Starwood hotels before the merger. Hackers exploited the relatively poor network security infrastructure at the time of the merger to obtain unauthorized access to guest data. The other vulnerability exploited by these hackers was the lack of a security framework that would provide instant alerts on any attempt to access the database. Even though Marriott learned about the attack through an alert from an internal security tool, the company’s network security infrastructure did not have a system for providing instant alerts on attempts to access its guest database. The lack of such an infrastructure could have contributed to the hackers’ ability to access customer data for a long period of time without being detected. By the time Marriott detected the attack, hackers had had access to its database for four years. Marriott’s data breach could also be attributed to the lack of a network security infrastructure that prevents hackers or third parties from copying guest data. When detecting this data breach, the company found that unauthorized parties had not only obtained access to the guest database but had also copied and encrypted the information.
Plan of Action
Given the significant impact of the data breach, Marriott is faced with the need to establish steps and processes that would help alleviate these contributing factors. From the beginning, the company should have examined and transformed its network security infrastructure when merging with Starwood hotels. The failure to prioritize network security during the merger provided a loophole that was exploited by these hackers to obtain unauthorized access to the database. One of the steps toward alleviating these contributing factors is incorporating a system that would rapidly detect any potential attack and issue an alert. To this extent, Marriott should establish an intrusion detection system (IDS) that monitors all inbound and outbound activities on its network. Such a system will identify any suspicious activities or patterns and issue alerts in case of any attempts to compromise or break into the network (Beal, 2005).
However, since an IDS is a passive security solution, Marriott should also establish an intrusion prevention system (IPS) in its network security infrastructure. An IPS is an active network security solution that allows network administrators to take necessary actions after receiving alerts of suspicious activity or potential threats/attacks on the network. The two types of IPS that would be suitable for Marriott are host-based intrusion prevention systems (HIPS) and network-based intrusion prevention systems (NIPS). HIPS safeguard workstations and servers through software that works in the system’s applications and OS kernel, while NIPS intercept all network traffic and inspect it for suspicious events or actions, blocking requests or requiring further action before they are treated as legitimate traffic.
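The difference between passive detection (IDS) and active prevention (IPS) described above can be shown on database audit records. The following is an added example, not code from the paper or from Marriott's tooling; the log format, account names, time window and row threshold are all assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed audit records: time, account, source host, table, rows returned.
SAMPLE_LOG = """\
2024-01-01T02:00:05 svc_booking app01 reservations 40
2024-01-01T02:00:40 svc_booking app01 reservations 35
2024-01-01T02:01:10 dba_admin jump07 reservations 250000
2024-01-01T02:01:50 dba_admin jump07 reservations 300000
2024-01-01T02:02:30 dba_admin jump07 reservations 280000
2024-01-01T02:03:00 svc_booking app01 reservations 42
2024-01-01T02:30:00 dba_admin jump07 reservations 10
"""

WINDOW = timedelta(minutes=5)   # assumed sliding window
ROW_LIMIT = 500_000             # assumed per-account row budget per window


def monitor(log_text, prevent=False):
    """Scan audit records for bulk reads of guest data.

    prevent=False behaves like an IDS: it only raises alerts.
    prevent=True behaves like an IPS: after the first alert the account
    is quarantined and its later requests are refused until an
    administrator clears it.
    Returns (alerts, blocked).
    """
    recent = defaultdict(deque)   # account -> (time, rows) inside the window
    totals = defaultdict(int)     # account -> rows read inside the window
    quarantined = set()
    alerts, blocked = [], []
    for line in log_text.splitlines():
        ts, account, host, _table, rows = line.split()
        when, rows = datetime.fromisoformat(ts), int(rows)
        if account in quarantined:
            blocked.append((ts, account, host))
            continue
        window = recent[account]
        window.append((when, rows))
        totals[account] += rows
        # Drop reads that have aged out of the sliding window.
        while when - window[0][0] > WINDOW:
            totals[account] -= window.popleft()[1]
        if totals[account] > ROW_LIMIT:
            alerts.append((ts, account, host, totals[account]))
            if prevent:
                quarantined.add(account)
    return alerts, blocked
```

In IDS mode the bulk copy continues while alerts accumulate; in IPS mode the same records produce one alert and the remaining reads from that account are refused.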
To execute this action plan, Marriott needs to conduct an overhaul of its current network security infrastructure. This would entail reviewing the existing framework to identify vulnerabilities and loopholes that hackers could capitalize on. This should be followed by identifying best practices in network security in line with existing industry standards. The company should engage its network security experts and other relevant external personnel to enhance the current system by incorporating the identified best telecommunication and network practices as well as integrating IDS and IPS in the database.
Preventive Measures to Avoid Future Data Breaches
In addition to conducting an overhaul of the existing network security infrastructure, Marriott can undertake several preventive measures to avoid a similar situation in the future. One of the preventive measures that could be undertaken is to adopt cyber risk monitoring, which goes beyond watching for malicious activity. The company should establish a function or system for proactively detecting potentially detrimental activities and support mitigation decisions (Stevenson et al., 2019). A risk-focused monitoring function in the network would enhance its security and enable the company to advance its business strategies in a free and safe manner. Secondly, the company should utilize artificial intelligence in its network to accurately and effectively detect genuine cyber-attacks in real time. Artificial intelligence will play a critical role in this process since it’s impossible to manually detect malicious activity, especially when handling huge volumes of data (Atkinson, 2019). Third, Marriott should consider upgrading its login protocols by using stronger authentication tools such as security keys, biometrics or one-time codes since it would help the company to stay ahead of the hackers.
In conclusion, data breaches have become common in the modern business environment due to rapid technological advancements. Hackers and other cyber criminals are continually capitalizing on these technological advancements to develop sophisticated measures for conducting their activities. Marriott is an example of a company that has recently experienced a data breach that resulted in the loss of data of 500 million customers. Hackers exploited the lack of instant detection and alerts in the company’s network to launch an attack that allowed them to have unauthorized access to customer data for four years. In this regard, Marriott needs to enhance its network security infrastructure through adopting best practices that are in line with industry standards.
References
Atkinson, D. (2019). How AI Can Prevent a Marriott Situation from Happening Again. Retrieved February 9, 2019, from https://www.techradar.com/news/how-ai-can-prevent-a-marriott-situation-from-happening-again
Beal, V. (2005, July 15). Intrusion Detection (IDS) and Prevention (IPS) Systems. Retrieved February 9, 2019, from https://www.webopedia.com/DidYouKnow/Computer_Science/intrusion_detection_prevention.asp
Brewster, T. (2018, November 30). Marriott Hackers Stole Data on 500 Million Guests - Passports and Credit Card Info Included. Forbes. Retrieved February 9, 2019, from https://www.forbes.com/sites/thomasbrewster/2018/11/30/marriott-admits-hackers-stole-data-on-500-million-guests/#5e9124b46492
Jain, S.C. & Ropple, L.M. (2018, December 14). Stopping Data Breaches will Require Help from Governments. Harvard Business Review. Retrieved February 9, 2019, from https://hbr.org/2018/12/stopping-data-breaches-will-require-help-from-governments
Sivalingam, J. (2018, December 4). What Caused the Marriott Data Breach? Retrieved February 9, 2019, from https://techwireasia.com/2018/12/what-caused-the-marriott-data-breach/
Stevenson, C., Douglas, A., Nicholson, M. & Amjad, A. (2019). From Security Monitoring to Cyber Risk Monitoring: Enabling Business-aligned Cybersecurity. Retrieved February 9, 2019, from https://www2.deloitte.com/insights/us/en/deloitte-review/issue-19/future-of-cybersecurity-operations-management.htm