Marriott International and its subsidiary Starwood Hotels are paying $52 million to resolve data breach claims. Who is responsible for data breaches? The FTC, in this case, said that the hotel companies deceived consumers by claiming to have reasonable and appropriate data security.
Liability and who pays for the damages remain big questions when it comes to cybersecurity, and case law is just getting started in determining the answer. Still, there are any number of steps that MSPs and MSSPs can take to ensure they don’t end up on the wrong side of a lawsuit.
MSSP Alert Live in Austin, Oct. 14-16, will take a deep dive into the questions of breach liability and how MSPs and MSSPs can protect themselves. If you are an MSP or MSSP and would like to attend this session or the whole day of programming on Oct. 16, drop me an email today with the subject line “DISCOUNT” and I will get you a special rate to attend. Send it to [email protected].
And as always, please send your news, tips and insights to me at [email protected].
Today’s MSSP Market Update
1. Data breach liability settlement - Marriott International and its subsidiary Starwood Hotels will pay $52 million to resolve data breach claims. The companies have also agreed to create a comprehensive information security program, according to the U.S. Federal Trade Commission. A proposed complaint by the FTC said that Marriott and Starwood deceived consumers by claiming to have reasonable and appropriate data security.
2. AI Threat Report - OpenAI said that it has disrupted more than 20 operations and deceptive networks from around the world that have attempted to use its models. The ChatGPT company released its most recent threat report this week. It covers election security in the U.S. and around the world as well as other threats, and it offers several case studies and examples of covert influence operations. The full report is available here.
3. MSSP acquisition - Seattle MSSP, tech support and data protection provider FusionTek has acquired another Seattle-based IT company, dpe Systems, which specializes in hardware sales and deployments. The company said the deal expands its capabilities.
4. Cybersecurity funding round - External attack surface management startup watchTowr has raised $19 million in Series A funding led by Peak XV, formerly known as Sequoia India & Southeast Asia, with repeat participation from Prosus Ventures and Cercano Management. The company says it will use the funds to expand its go-to-market, research and engineering teams. The latest investment brings its total funding raised to $29 million.
5. Actively exploited vulnerabilities - CISA added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. They include CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability, CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability, and CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection Vulnerability.
6. Splunk's security team releases annual report - The annual Macro-ATT&CK Trendscape from SURGe, Splunk’s security research team, has identified what it says are the most commonly used attacker techniques, and the top one involves public-facing application exploitation for initial access. The new report also offers recommendations for how teams can use preferred techniques for detection and hunting.