I would like you to reply to this peer discussion post. The post reply need to b

    I would like you to reply to this peer discussion post. The post reply need to be substantial and constructive in nature. It should add to the content of the post and evaluate/analyze that post’s answer. Normal course dialogue does not fulfill the peer reply.
    The 2018 Cyber-Attack on Marriott International
    Information about the Organization
    Marriot International is a multinational organization operating various hotels, resorts and timeshare properties. It was founded in 1927 by J. Willard Marriott and has grown enormously to be one of the largest global hotel chains. The mission statement for Marriott is “to enhance the lives of our customers by creating and enabling unsurpassed vacation and leisure experiences” (Mission Statement Academy, 2023 (MSA), Para 1). This mission statement is established on customer-centric provisions by providing excellent services. The vision statement is “to become the premiere provider and facilitator of leisure & vacation experiences in the world” (MSA, 2023, Para 9). Marriott emphasizes leading from the front by offering unique or differentiated services for a positive customer experience. With the purpose of supporting the communities the organization serves, Marriott operating in the hospitality industry, specifically in the resort and hotel segment, is guided by values like people-centeredness, commitment to excellence, change-oriented, integrity, and service (MSA, 2023). Despite its vast commitment to elevating its reputation and offering outstanding client experience, Marriott has been a victim of the 2018 cyber-attack that causes a vast data breach.
    Nature of the Cyber-Attack
    The nature of the cyber-attack on Marriott International could be classified as social engineering, constituting the malicious activities executed via human interactions. Studies acknowledge that social engineering constitutes a cyber-attack that depends on human interaction to lure or trick individuals into breaking security protocols or exposing sensitive information (Klimburg-Witjes & Wentland, 2021). Hackers mostly use this technique to gain access to the systems, obtain sensitive data, and spread malware. In the incidents of Marriott International, commonly recognized as the Starwood data breach, it is believed that the attackers or the hackers gained access to the system after breaching a third-party vendor who had access to the Starwood reservation system. The hackers maintained access to the system for a long period, approximately from 2014, and possibly used malware to dodge detection by the system. Notably, these cyber-attacks had significant effects on the organization. An immediate impact of this attack was a data breach as the hackers had access to the personal data of at least 500 million guests, including names, addresses, passport and phone numbers, and date of birth, alongside the card information. Additionally, the company estimated the cost of the breach as approximately $200 million, which was expected to be higher with time. Thus, loss of customer data, financial losses, and organizational reputation were potential aftermaths of the attack.
    Efforts to Address Cyber-attacks (i.e., before, during and after the attack)
    Certainly, before the attack, the company did not execute its functions sufficiently to overcome the cyber threats. A major failure noticed by this company is the lack of vendor risk assessment from which the malicious attacks were launched. It is essential to acknowledge that had the company made a frequent risk assessment and management; the cyber-threats could have been noticed early. Furthermore, the company did not implement more sophisticated detection systems, as the malware stayed longer without the systems noticing its presence. During or when the attack occurred, the company did a commendable job addressing the attack by issuing a statement notifying the customers of the breach and assuring them they were taking the appropriate step to address the problem. Besides, the company offered a free identity-theft protection program and continued working with the regulatory and law enforcement agencies in investigating the issue. It is essential to acknowledge that after the attack, the company put in place relevant strategies to prevent further attacks, including frequent reviewing and updating the cyber-security policies and practices, two-factor authentication for guest and employee accounts, employee cyber-security training, and collaboration with law enforcement agencies (Klimburg-Witjes & Wentland, 2021).
    What the Company Might do to Prevent Future Cyber-Attacks
    Organizations such as Marriott International need various strategies to overcome cyber-attack vulnerabilities. A primary approach for Marriott is to prevent future cyber-attacks through employee training and cyber-security awareness programs to enhance personnel knowledge of vulnerabilities and potential risks to the company’s infrastructure. With this knowledge, the employees and customers would become less vulnerable to baits by hackers. Studies emphasize the need for end-user training as a fundamental element to ensure holistic awareness and knowledgeability of all stakeholders (Li & Liu, 2021). Furthermore, application security strategies like using premium anti-virus programs, strong encryptions and firewalls, and information security approaches like data protection efforts to prevent unauthorized access into the system are fundamental for Marriott International (Li & Liu, 2021). Therefore, frequent software updates and intrusion detection systems, alongside other approaches like recurrent system audits for cyber-security risks, would be fundamental to preventing, detecting and recovering from cyber threats.

    Leave a Reply

    Your email address will not be published. Required fields are marked *