What the Marriott International breach teaches us about social engineering 

July 7, 2022

Yesterday, one of the largest hotel chains in the world, Marriott International, confirmed that it suffered its second data breach of 2022. Databreaches.net broke the news after receiving an anonymous tip.

During the breach, which took place in early June, a threat actor managed to gain access to an employee's computer and obtained roughly 20 gigabytes of data, including credit card details and confidential information about guests and employees, such as flight reservation logs.

The attackers, dubbed the Group with No Name (GNN), appear to have orchestrated a social engineering attack targeting employees working at the BWI Airport Marriott in Maryland (BWIA), and managed to trick one of them into granting access to their computer.

While the data breach has only affected 400 individuals, it highlights some valuable lessons for CISOs and security leaders, particularly about the threat posed by social engineering, and the havoc that poor security awareness can wreak on an organization.

What the Marriott breach reveals about social engineering 

The latest Marriott breach highlights that human error is one of the greatest risks to an organization's security. All it took to exfiltrate the organization's data was for the threat actor to manipulate an employee into handing over access to their device.

In the realm of cybersecurity, manipulation is one of an attacker's most effective weapons. Unlike exploits or brute force attacks that target endpoints or IT systems, which can be patched or mitigated consistently, human beings aren't perfect, and easily make the mistake of handing over login credentials or exploitable information.


“A primary mechanism being used by adversaries is social engineering. It's simple and effective. And it means that initial compromise relies on human behaviors and is therefore impossible to prevent 100% of the time,” said Saryu Nayyar, CEO and founder of security operations and analytics provider Gurucul. “All it takes is one successful compromise to circumvent most preventative controls.”

It is for this reason that the number of social engineering attacks reached 25% of total breaches in 2022, and why the human element (social engineering, errors and misuse) accounts for 82% of breaches this year.

Even employees with high security awareness aren't immune to being caught off guard, particularly when the average organization is targeted by over 700 social engineering attacks annually.

How organizations can respond to social engineering

One of the simplest ways organizations can address social engineering threats is with security awareness training, which teaches employees security best practices and what phishing, social engineering and other manipulation attempts look like, so they can avoid sharing any valuable information with cyber criminals.

“Organizations need to ensure that all employees are frequently educated about this type of social engineering, receiving training at least once a month followed by simulated phishing tests, to see how well employees understood and deployed the training,” said Roger Grimes, defense evangelist at KnowBe4. “Employees found to be susceptible to this particular type of phishing attack should be required to take more and longer training until they have developed a natural instinct to out these types of attacks.”


For added security, Nayyar recommends that organizations implement a detection program to monitor and identify risky access controls and user behaviors and to detect abnormal or deviant activity, defending not only against external threats but also against internal threats.

It's important to note that detection and response is an area where many enterprises are lacking, with research showing that 36% of mid-size organizations don't have a formal incident response plan in place.

Above all: Don't get a reputation as an easy target

Finally, this latest data breach shows that enterprises can't afford to gain a reputation as an easy target. If your company falls victim to a data breach, then there's a high likelihood that other attackers will attempt to target you again, on the assumption that your organization has weak security controls.

“As this latest breach demonstrates, organizations that are victims of previous attacks are more likely to be targeted in the future. This attack does little to restore faith in Marriott's data security following the large breach of the data of 5.2 million guests in 2020,” said Jack Chapman, vice president of Threat Intelligence at Egress.

Given that this breach was the third of its kind that Marriott has experienced in the last four years, other organizations may be looking at the hotel chain as a potential target.

The only way to avoid this predicament is to avoid being seen as an easy target, by implementing the latest detection and response solutions and continually investing in security awareness training to help employees embrace security best practices and mitigate human risk.
