Lessons Learned from the Recent Marriott Breach
by Richard Blech, Founder & CEO at Secure Channels Inc.
Marriott International, the world’s largest hotel chain, recently announced a massive data breach. The information of upwards of 500 million Starwood Hotel guests was copied and removed. Investigators are pointing towards Chinese hackers, potentially ones working at the behest of the Chinese government. There’s more information coming from the attack, but in these situations, it’s always worse than originally reported. A breach is a disastrous event for Marriott, as they will face regulatory fines, lawsuits, and a branding hit.
In the Marriott case, the extent of the breach was heightened by the resources of the hackers. A nation-state such as China has access to the best tech and sophisticated hackers who work in concert to tackle tough jobs. The hackers took personally identifiable information and grabbed encrypted data. This points to their capabilities, as they were confident in their ability to decrypt the data. They don’t care about the encryption strength because they have the tools to break it. Marriott likely used outdated 128-bit encryption which is exploitable.
Reactive Cultures
Companies often view breaches with an air of “it won’t happen to us.” But then it does. The affected company then sends out communications about how they care about the customer and are doing everything they can to remedy future situations. Unfortunately, the damage is done. The information is out there. Marriott responded by expressing its regrets. It also set up a website and call center for guests to ask questions about the breach and impact on their personal data. It’s the logical response, but it’s of course completely reactive. Companies holding personal data must act proactively in regards to their cyber defenses. We don’t know the particulars of the Marriott’s setup and system failures in terms of both their technology and the human element. They did not properly protect the most crucial data such as passports, credit cards, emails, among others.
Advanced Safeguards Secure Channels Inc. is not the global panacea for such a sophisticated attack; however, our solutions are part of a strategy that can make a company’s data a very undesirable target. We offer advanced encryption to protect sensitive information at all points. So from the database to the endpoint in the workflow, the data is deeply encrypted and features strong access controls to said data. It’s encryption that’s many factors more robust and efficient than 128-bit encryption that was used by Marriott.
The Secure Channels encryption protocol XOTIC is a patented software and hardware implementation of the multi-family symmetric block cipher cryptosystem. The XOTIC cryptosystem comprises two elements, a key generation scheme and encryption primitive. The XOTIC cryptosystem employs digital techniques to ensure information confidentiality. XOTICoffers improvements in security properties including system or user definable keyspace (for keyspace values comparable to standard symmetric block ciphers such as AES) size ranging from 256 bits to 130,000 bits without any compromise to performance or execution times. Encrypting a file with XOTIC adds no more than 5 bytes to the size of the original file regardless of the selected encryption strength. XOTIC is applicable to any data type. It provides increased protection against both “brute force” attacks and any threats posed by advances in quantum computing. Improved encryption such as that offered through XOTIC would require a nation such as China many years or even centuries to break. Large global companies must be in tune with the risks posed by sophisticated hacking groups. Ignoring the threats means the potential brand and compliance risks are too great. Stronger encryption, improving human cybersecurity processes, and other proactive responses are needed.
About the Author
Richard Blech is an entrepreneur, investor, and innovator. His primary business focus is on data security, technology, and strategic alliances. As managing member of Imperium Management LLC, Richard actively invests in technologically advanced ventures. He has a discerning ability to determine market trends that are not only lucrative but also pave the way to technological advancement across the globe. As a resolute advocate of disruptive technology, he holds vested interests in cyber-defense and digital content. With cyber-crime breaches now reaching epidemic proportions, Richard’s objective is to turn the ever-evolving digital world into a risk-averse space that allows everyone to function securely within their ecosystems. As the Founder & CEO of Secure Channels, Inc., he’s shaping the company to be a leader in enterprise data protection through the development of innovative encryption and authentication-based technology solutions. Richard can be reached at [email protected], @RichardBlech or through the company website at https://securechannels.com/.