On 30th November, it was revealed that the data of 300 million guests of the Marriott hotel chain had potentially been exposed by hackers of an unknown origin. Recently, the US Secretary of State, Mike Pompeo, blamed the Chinese Ministry of State Security for this enormous breach of privacy and personal information. But regardless of the culprit, the key question on the minds of CISOs across the globe once again makes itself known: how can we prevent a breach as catastrophic as this from happening to us?
Firstly, it’s important to assess the motivations behind a hacking like this. Generally, with breaches on this scale the hackers are either nation states or large criminal groups. You have to ask what the potential motivations could be for both parties. For criminal groups it’s often financial gain and the ability to sell credentials and identities on the dark web, or to access other systems with the stolen credentials. For nation states the motivation could be more sinister and intimate – governments that are tracking the movements of ‘persons of interest’ would find huge value in being able to access a database of 500 million individuals and continue to monitor their behaviour for potentially 4 years.
In recent news, we’ve heard about the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU) involvement in global hacking scandals, and it’s considerably recognisable how much countries like Russia could gain from an attack like this. They certainly have the resources. Whilst the motives behind the Marriott attack are yet to be revealed, we know for certain that an international superpower such as China has the resources to hack almost any global corporation.
- China accused over Marriott data breach
- Marriott says 383m customers were hit in data breach
- The true cost of a data breach
Protecting customer data
Like many companies with a large customer base, Marriott store private and personal information. It is critical that organisations charged with protecting customer data take better steps to ensure that any cyber-attacks are quickly identified and stopped before damage is done. They should look towards smarter systems that utilise artificial intelligence to effectively and accurately identify genuine cyber threats in real time. Because security teams are flooded with such huge quantities of data, and as such, it is almost impossible to manually detect malicious activity. Without artificial intelligence enhancing our detection efforts, threats will go unnoticed – and as seen in the Marriott case, this could be for as long as 4 years.
Even companies that have implemented security tools that monitor for attacks often find that they cannot differentiate between unusual activity and genuine threats. This in turn means that a huge volume of alerts are raised, requiring manual investigation from human analysts. These false positive alerts waste time and distract attention away from investigating genuine threats. It would be surprising if none of Marriott’s security tools had detected this attack over the past 4 years, but the alert may not have been prioritised amongst all of the noise, causing the security team to miss it. So how can security teams be certain that they’re not missing breaches like this? Perhaps the answer actually lies in artificial intelligence.
AI enables already intelligent and interconnected systems to autonomously converse, improving the accuracy of threat detection across the network, endpoint devices, cloud environments and Investigator Bots. By using these multiple ‘senses’ to observe behaviour across the entire organisation, security alerts can be notified the exact moment unnatural behaviour – and potential breaches – occur.
But the ability to instantly identify a threat’s location isn’t the only advantage to using AI. This is because artificial intelligence can also closely follow the path of an attack across devices and networks, building an accurate picture of the threat, using all the information gathered from its multiple senses.
With the AI revolution increasingly introducing itself to all walks of life, CISOs of companies like Marriott who are anxious over attacks like this happening to their own organisation, worrying about what is on the network, unable to keep up with all the alerts, can embrace this change positively. CISOs should see real value in the way AI Triangulation and sensory AI can provide them with one cohesive platform that protects their organisation from emerging threats, essentially replacing the need to purchase multiple single-point solutions – and in the long term, potentially saving their companies hundreds of millions in costs. With a threat that is identified instantly through such triangulation, all points of entry are covered, and CISOs can get some well-earned sleep at last.
David Atkinson, CEO of Senseon (opens in new tab)
- Also check out what we can learn from 2018's biggest data breaches