Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 17, 2018

It didn't take long for the lawsuits to start rolling in.

10.jpg

Most people are impressed by size. Specifically, large manmade or natural wonders, large statues or artwork, large bank accounts or net worth, large customer bases or revenues will all make the news in a positive light.

Unfortunately, when it comes to cybercrime, we all gasp when we see large numbers affected by a new breach, and secretly sigh with relief as we discover it hasn’t affected us. But is it only a matter of time before you are included when the breach size encompasses you?

Marriott Breached

Score one more for the cybercriminal team. As you have probably heard by now, Marriott is the latest to face the court of public shame with the announcement that their loyalty rewards program database was breached and exposed the personal information for over 500 million people. Kaya Yurieff reported at CNN that:

“Marriott — which owns Starwood hotels such as the St. Regis and the Westin — on Friday disclosed that the Starwood guest reservation system had been hacked, in a breach dating back to 2014.

For 327 million people, Marriott says, the exposed information includes names, phone numbers, email addresses, passport numbers and dates of birth. For millions of others, credit card numbers and card expiration dates were potentially compromised. This kind of information could be used to steal your identity and open bank accounts, credit cards or loans in your name.”

For those of you keeping score, this breach is actually the second biggest in history. The largest being Yahoo’s announcement last year that 3 billion accounts among several of its brands were compromised.

$12.5 Billion in Damages?

It didn’t take long for the lawsuits to begin. Hours after the breach was made public a number of people began class-action suits seeking restitution for the 500 million people whose personal information was compromised. Catalin Cimpanu reported on ZDNet that “Marriott sued hours after announcing data breach” and went on to say:

“While plaintiffs in the Maryland lawsuit didn't specify the amount of damages they were seeking from Marriott, the plaintiffs in the Oregon lawsuit want $12.5 billion in costs and losses.

This should equate to $25 for each of the 500 million users who had their personal data stolen from Marriott's servers in the breach announced last week, on Friday.”

But the problems for Marriott don’t stop with lawsuits.  It seems that government probes are also now on the table according to a Forbes article titled “Revealed: Marriott's 500 Million Hack Came After A String Of Security Breaches:”

“Marriott’s security is now facing probes from multiple government bodies, including the New York Attorney General’s office. European regulators like the UK information commissioner, who have the ability to fine companies significant sums with the power of the General Data Protection Regulation (GDPR), are also looking into the incident.”

We have discussed the expensive nature of remediating cyber breaches in the past and suggest you review a past blog here.

Why Remediate When You Can Prevent it in the First Place?

In order to ensure safe content, you will need a cyber security strategy based on tools that won’t miss zero-day attacks and can’t be evaded by smart cyber criminals. You should evaluate static analysis-based technologies which are faster, more accurate, not OS version dependent and covers 100% of your code, with complete visibility. 

Using deep inspection and analysis methods that make no assumptions on threat heuristics or behavior and assumes that there is no legitimate reason for executable code to be present in a data file, these technologies can interpret and detect code in real time and immediately block threats from penetrating your organization.

Bottom line: you will finally have safe content and without the expense of remediation.

Want more great articles like this?Subscribe to our blog.

Get all the latest news, tips and articles delivered right to your inbox

Boris Vaynberg

by Boris Vaynberg

VP and GM for Advanced Threat Detection

Posted Dec 17, 2018

You may also like:

Sandboxing Technology: Why Good vs. Bad Isn’t Enough

Here’s the backstory on Mimecast&r…

Here’s the backstory on Mimecast’s new acquisiti… Read More >

Meni Farjon

by Meni Farjon

Chief Scientist for Advanced Threat Detection

Posted Dec 07, 2018

Insider Threats Personified – The Well-Intentioned Employee

Do you know your insider threat personas…

Do you know your insider threat personas? In this this edit… Read More >

Monica Gupta

by Monica Gupta

Product Marketing Manager

Posted Dec 07, 2018

Cybersecurity Breakdown: Improving Workplace Awareness

How are your employees using work-issued…

How are your employees using work-issued devices? The holid… Read More >

Michael Madon

by Michael Madon

SVP & GM of Mimecast Security Awareness

Posted Dec 04, 2018