Assignment 3 Security

The document discusses the Marriott data breach, highlighting the complexities of modern business environments and the significant risks posed by cyber threats. It details the unauthorized access to sensitive customer information and the subsequent impact on the company's reputation and financial viability. The paper emphasizes the importance of a coordinated response involving various internal departments and external organizations to effectively manage and mitigate such cybersecurity incidents.

Uploaded by

solomonnderitu99

Assignment 3

Jonathan Pascual

University of Maryland Global Campus

CCJS 345 6381: Introduction to Security Management (2245)

Joshua Shandler

09/07/2024

Marriott Data Breach

Businesses in the modern world operate in a very complex environment characterized by numerous connections between business entities and computer systems. Because of this connectedness, threats such as cyber threats, which can impose critical negative consequences in terms of finance, reputation, and law, become a critical issue for organizations. To protect organizations from these threats, security managers must develop efficient disaster response plans that include cooperation with organizational employees and third parties. This paper explores the details of a real-life case of a large-scale cyber-attack on the Marriott hotel group. The attack was carried out by a skilled hacker group and resulted in unauthorized access to customers' personal information, trade secrets, and monetary details. The paper describes the threat, evaluates the impact of the breach, and then provides the required strategic coordinated response plan.

The cyber-attack on Marriott International is a real-life example of a threat against organizations and shows that hackers have become increasingly sophisticated. It is also important to note that the attack occurred alongside other significant breaches at American health insurers and government agencies (Rice & AlMajali, 2014). Although the amount of data stolen was huge and sensitive, experts and researchers noted that the data never appeared on the dark web, which suggests that state actors rather than common cybercriminals likely perpetrated the attack (Datta et al., 2024). Therefore, every company that processes large amounts of digital data within its systems is potentially at risk of falling prey to such a threat. In this case, the attackers targeted the company's web application and inserted malware into it, granting them access to the internal network. As a result, they obtained customers' private data, including identification data, payment card data, and transaction history.

Additionally, the hackers penetrated the organization's secret databases holding intellectual property and financial records, putting the organization at high risk. The consequences of that violation for the Marriott hotel chain are significant and multifaceted. Namely, it significantly endangers the company's identity and its customers' trust. It threatens customer confidence in the organization's ability to secure their data and information, resulting in loss of customers and organizational reputation (Paraskevas, 2022). In addition, the exposure of the company's intellectual property and financial records puts at risk its position ahead of competitors and its financial viability. Malicious entities or competitors could misuse the stolen data, which could weaken the firm's position in the market and may lead to financial losses.

As the security manager of Marriott International, I would take several approaches to deal with the breach and prevent further consequences. To achieve this, I would have to involve several internal departments and external collaborations. The purpose of such cooperation is to achieve an efficient and coordinated approach which, in turn, will allow the company to address the issue using the necessary skills and tools as well as legal support (Khan et al., 2020). To start with, I would engage the IT employees. IT employees are responsible for assessing the breach and preventing such threats in the organization in the future. The security manager would then task the IT department with producing a forensic analysis of the breach: its entry point, the attack vector used, and the damage caused. This investigation is important for compiling the necessary information and enables planning an adequate response. Additionally, the IT department would be responsible for applying critical network and system patches, together with other security measures, to block the unauthorized access.

CSIRTs from other organizations are also a source of external help that can be useful at various stages of the incident response cycle and in identifying containment and eradication measures. For instance, during the detection phase, internal personnel can assist in recognizing gaps and threats that might not have been noticed. During the containment phase, CSIRTs can also provide prevention measures and solutions to stop the threat's proliferation and adequately mitigate its effects (Bovsh et al., 2023). Also, insights from the specific experiences of other similar organizations can easily be shared to improve the incident response strategy in CSIRTs. Their interaction, alongside their skills, can go a long way in boosting an organization's capacity to handle security threats.

The legal department is another strategic internal unit for handling the breach from the organization's side. It is cast in the oversight role of identifying and evaluating the organization's legal risks and compliance requirements stemming from the incident. In cooperation with external legal advisors, the legal division monitors the laws on data breach notification and advises the company's decision-making about communication with clients and legal actions against the attackers (Datta et al., 2024). Other roles usually performed by the legal department include preservation of evidence, liaison with police forces, and the preparation of breach notification letters.

In conclusion, it is essential to address cybersecurity threats comprehensively and prevent them by creating thorough response programs with the cooperation of different departments and other organizations. The scenario of the large-scale cyberattack on the Marriott hotel chain shows that mitigating such threats requires collective action. Organizations can therefore avoid such attacks and similar incidents through the efficient use of the IT, legal and HR departments. Furthermore, relationships with external organizations such as CSIRTs, police, and other authorities will also be beneficial for gaining insightful information, collecting important evidence, and meeting legal needs. These collaborative initiatives have to be coordinated within the institution together with the external stakeholders. With this strategy, Marriott will be in a position to respond to the effects of the breach, reclaim its image, and establish a strong security model for the future.

References

Bovsh, L., Bosovska, M., Okhrimenko, A., & Rasulova, A. (2023). Digital security of the hotel brand. Менаџмент у хотелијерству и туризму, 11(1), 145–163. https://cyberleninka.ru/article/n/digital-security-of-the-hotel-brand

Datta, A., Yash Kartik, & Nagar, A. (2024). A Study in Attack and Breaches. EAI/Springer Innovations in Communication and Computing, 279–309. https://doi.org/10.1007/978-3-031-53290-0_5

Khan, S. K., Shiwakoti, N., Stasinopoulos, P., & Chen, Y. (2020). Cyber-attacks in the next-generation cars, mitigation techniques, anticipated readiness and future directions. Accident Analysis & Prevention, 148(1), 105837. https://doi.org/10.1016/j.aap.2020.105837

Paraskevas, A. (2022). Cybersecurity in Travel and Tourism: A Risk-Based Approach. Handbook of E-Tourism, 1605–1628. https://doi.org/10.1007/978-3-030-48652-5_100

Rice, E. B., & AlMajali, A. (2014). Mitigating the Risk of Cyber Attack on Smart Grid Systems. Procedia Computer Science, 28, 575–582. https://doi.org/10.1016/j.procs.2014.03.070
