Are your staff putting your business at risk? Hacker costs the Marriott hotel chain $1 million

It’s one of the most inventive ways I’ve heard of attempting to land a job, but also one of the most stupid! Hungarian Attila Nemeth has been sentenced to 30 months behind bars for hacking into the Marriott Hotel’s network and extracting sensitive information. Nemeth then threatened to reveal the sensitive information unless they offered him a job.

The leading global hotel chain reported the incident to the US Secret Service, which duly set up a sting operation in which they posed as representatives of the hotel in an interview situation. Obviously basking in the glory of his actions, Nemeth accepted an all-expenses-paid trip to the US to attend the interview. However, his number was up when he was lured into describing (probably gloating all the way) how he had hacked the hotel’s network and extracted the information.

It transpires that Nemeth had sent Trojan emails to employees, allowing him to access the hotel’s servers and extract high-level information.

What we don’t know, and what has yet to be commented on, is whether Marriott realised that this information had been accessed and extracted. Seemingly it was the blackmail threat from Nemeth that prompted them to check, and subsequently call in the US Secret Service to deal with the matter. But when would someone on the inside, or their internal systems, have let them know that they had suffered, and were still suffering, a breach?

For his troubles, Nemeth was sentenced to 30 months behind bars. The Marriott estimated the cost of dealing with the incident at between $400,000 and $1,000,000. Ouch!

Cyber security is a multi-faceted beast that requires a joined-up approach of robust systems and networks, regular penetration testing and frequent staff training. Staff training is often the forgotten man of cyber security, as businesses concentrate on the hardware and cyber aspect of security. Humans, however, have the incredible ability to sidestep and forgo all the security measures you put in place, purely by being ignorant or simply uninformed.


Source: The Register