This article originally appeared on ReadWrite.
Very few data breaches have garnered as much attention recently as the Starwood/Marriott breach in which up to 500 million records may have been accessed by an unauthorized user. It’s suspected that the encryption keys that protected personally identifiable information (PII), specifically payment card data, were also compromised.
Much has been written about what is known about the breach and what it may mean for Starwood customers. Looking at this event from a CSO/CISO perspective, it’s pretty obvious that the systems designed to prevent these types of activities were not actually in place at Starwood for at least the past four years. Additionally, Marriott was clearly not aware of any issues during the acquisition process. It seems that post-acquisition, Marriott began to audit and was able to detect the breach within days.
The role of the CSO is complex and can carry different job requirements from company to company. In many organizations, we are the guardians of the brand at a digital level, ensuring that all data is protected, systems are secure, and IP stays safe. We have procedures in place to make sure that our systems are functioning accordingly, and have invested in extensive controls to ensure everything continues to work as our internal and external policies advertise.