Source: Forbes

The data breach hitting Marriott Hotels Group was huge. The joint-second largest to have ever taken place, in fact, after Yahoo's disastrous 2013 breach (and on par with Yahoo's 2014 breach). While the amount of data that was taken from Starwood Hotels' reservation systems (a company acquired by Marriott in 2016) was vast, what's most staggering is the fact the breach went undetected for four years, and an acquisition also took place but the alarm still wasn't raised. Since news originally broke of the release, it's also been revealed that the hotel group's own security team was hit by an attack in June 2017. Clearly something has gone amiss.

While it's easy to criticize Marriott and Starwood for what seems like a catalogue of errors, the fact is that in this day and age it could happen to anyone. While cyber security tools have become more sophisticated, so have the criminals - it's a chicken and egg scenario. Legitimate organizations are bound by laws and convention; criminals are not, and their ability to quickly innovate to circumvent protective technology is therefore less constrained.

Read the full article at Forbes