How the Marriott data breach highlights the power of Graphus

January 21, 2020

As I’m sure you’ve already heard, Marriott recently announced that they have been the victim of a massive data breach in which up to 500 million guests’ information has been compromised. They stated that there has been unauthorized access to their database since 2014. The bad actors had access to this information for nearly four years before Marriott realized it. What does this mean for Marriott, and really all companies for that matter? As KrebsOnSecurity stated, “Assume you are compromised.” This means, “…accepting that despite how many resources you expend trying to keep malware and miscreants out, all of this can be undone in a flash when users click on malicious links or fall for phishing attacks.”

Marriott has said they will email Starwood Preferred Guests who may have been impacted. This is exactly what the bad guys want them to do. They will replicate the emails Marriott sends in the hope of getting people to click on malicious links, and then either further compromise the individual or, if the individual is an employee of your company, gain access to your company’s information.

Every time a widely publicized attack happens, phishing awareness training companies scramble to create new templates to help train employees to spot phishing attacks. While this can be helpful, it still means your organization is relying on the employee to remember their training and do the right thing, every time. Many valuable IT and security hours are put into pushing these templates out to employees, analyzing the results, and retesting employees who failed. What happens when an employee who passed the test doesn’t pass when the real phishing attack comes? What happens when that one employee who clicks on or responds to every message does it again with a real attack? The result? Your company being compromised. It only takes one. One person, one click to compromise your organization.

With Graphus®, you don’t have to run campaigns, analyze results, retest and hope your employees will be able to spot the real attacks. Our patented AI technology, the TrustGraph®, performs detailed intelligent analysis, giving your organization an advantage over the attackers! Graphus® detects suspicious and malicious messages and warns the recipient(s) with EmployeeShield™, our interactive warning banner. This banner tells the recipients why it was applied and gives instructions on how to take action.

Unlike phishing training solutions, if a recipient clicks on “Unsafe”, the message gets quarantined from ALL inboxes, not just from that recipient’s inbox. This eliminates the risk of someone else clicking on or responding to an attack.