The Marriott Hotels data breach has sent ripples through the Infosec community, with questions being asked as to how the hackers were able to roam around a network for years, unbeknownst to the people charged with keeping networks safe. We have seen a similar situation developing in the breach of Canada’s 1-800 Flowers, reported to the California Attorney General’s office recently.
Sam Curry, Chief Security Officer at Cybereason:
“Much the same as people who live too long in a war zone, the world’s population have become inured to the meaning and damage of mega breaches. Perhaps ‘Giga Breaches’ should be the new term. When we receive 4 or 5 letters a year about compromised identities, horror stories at one or two degrees of separation, headlines measuring in the 100s of millions of victims, but life keeps going, we become de-sensitized. It’s important to remember that the impact of a breach is big even when buried among others. We still have something to lose and we should not idly accept the unacceptable. Boards and leadership in companies should use the New Year as an opportunity to set new programs in motion, new energy and a standard of excellence. Work with CISOs to make sure that hackers aren’t sitting in networks like parasites for years. Use peace time for preparation, and make it a core value to respect privacy, to lean forward, to champion transparency and to not ignore the risks from poor IT hygiene and weak cyber practices.”