{"id":6918,"date":"2021-03-23T11:26:57","date_gmt":"2021-03-23T11:26:57","guid":{"rendered":"https:\/\/cybersmart.com\/?p=6918"},"modified":"2021-03-23T14:30:04","modified_gmt":"2021-03-23T14:30:04","slug":"cybersecurity-in-hospitality-a-growing-issue","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/cybersecurity-in-hospitality-a-growing-issue\/","title":{"rendered":"Cybersecurity in hospitality \u2013 a growing issue?"},"content":{"rendered":"
COVID-19 has brought with it a notable rise in attacks on all businesses. <\/span>Research from Deloitte<\/span><\/a> reveals that the last 12 months have seen a sharp increase in ransomware, phishing attacks and attempted hacks.\u00a0<\/span><\/p>\n But there\u2019s one industry that\u2019s right on the frontlines of the fight against cybercrime: hospitality. Why is the industry so at risk? And what can be done to improve cybersecurity in hospitality?\u00a0<\/span><\/p>\n While hospitality businesses face many of the same cyber risks as other industries, they\u2019re also at risk from a few that are fairly unique to the sector.\u00a0<\/span><\/p>\n There are the risks associated with the <\/span>contact tracing<\/span> requirements for COVID-19 that every hotel, bar or restaurant has to abide by. But there are also a few other threats that particularly impact hospitality:\u00a0<\/span><\/p>\n The CCTV and surveillance systems many hotels and restaurants are reliant upon for customer safety are particularly vulnerable to this type of attack.\u00a0<\/span><\/p>\n With staff often handling dozens of transactions in a day and constantly juggling tasks, the risk of human errors that lead to breaches is high.\u00a0<\/span><\/p>\n DarkHotel is targeted spear-phishing spyware that attacks high-profile business customers through the hotel’s in-house <\/span>WiFi<\/span> network.<\/span><\/p>\n Alongside these threats, phishing and ransomware attacks are also very common amongst hospitality businesses.\u00a0<\/span><\/p>\n Unfortunately, we\u2019re not short of evidence on the risks to the hospitality sector.\u00a0<\/span><\/p>\n In the last few years, hospitality only ranks behind fiance and retail as the industry most targeted by cybercriminals. In 2018 alone, almost 514 million hotel data records were stolen or lost worldwide. The trend continued throughout 2020, with both<\/span> Mariott <\/span><\/a>and <\/span>Prestige Software\u2019s<\/span><\/a> Cloud Hospitality platform both suffering massive breaches.\u00a0<\/span><\/p>\n Like most industries regularly attacked by cybercriminals, hospitality is seen as an easy target. A <\/span>recent study into hacker forums<\/a><\/span>\u00a0revealed that hospitality chains Hilton and Marriott were included in 31% and 28% of mentions respectively in discussions on easy targets.\u00a0\u00a0<\/span><\/p>\n What\u2019s more, it\u2019s borne out by the figures. To date, 423 million U.S. travellers have been victims of a cyberattack through their business with hotels. And <\/span>70% of hotel guests<\/span><\/a> believe that hotels don\u2019t invest enough in cybersecurity protection.\u00a0<\/span><\/p>\n 70% of hotel guests<\/span> believe that hotels don\u2019t invest enough in cybersecurity protection.\u00a0<\/span><\/p><\/blockquote>\n So what\u2019s going wrong?<\/span> With the adoption of contact tracing throughout the hospitality industry during the coronavirus pandemic, hotels, restaurants and bars have become a target. This is partly down to their large databases of customer information, but it\u2019s also due to the relatively weak cybersecurity employed by most.\u00a0<\/span><\/p>\n Using the COVID-19 Guardian tool, cybersecurity experts assessed 40 contact tracing apps around the world to be of risk to users. 72.5% of these apps had a least one insecure cryptographic algorithm and 75% contained a tracker that sent data to third parties.\u00a0<\/span><\/p>\n 72.5% of contact tracing apps have a least one insecure cryptographic algorithm<\/span><\/p><\/blockquote>\n However, it\u2019s worth noting, despite the risks, all of the apps save Kyrgyzstan\u2019s \u2018Stop COVID-19 KG\u2019 were free of malware. We\u2019ve written at length about why the benefits of contact tracing far outweigh the risks <\/span>here<\/a>. B<\/span>ut, in short, the privacy concerns relating to contact tracing are relatively minor and should be easy to iron out.\u00a0\u00a0<\/span><\/p>\n The good news is that the current baseline for security levels in the industry is low. This means that achieving better protection is relatively simple.\u00a0<\/span><\/p>\n Simply put, hotels, bars, and restaurants need to be better at the basics. This might sound easier said than done. After all, hospitality businesses tend to be populated by staff with great people skills, not cybersecurity experts.\u00a0<\/span><\/p>\n However, the five technical controls laid out in the Cyber Essentials certification process don\u2019t require expertise and would dramatically improve most businesses\u2019 security. These are:\u00a0<\/span><\/p>\n In fact, it\u2019s estimated that implementing these five steps can protect an organisation from up to 98.5% of the most common cyber threats.\u00a0<\/span><\/p>\n Beyond technical precautions, there\u2019s another thing hospitality businesses could be doing better.\u00a0 As we mentioned earlier, the majority of attacks on hospitality businesses stem from internal networks or at the point of sale. This suggests that staff either aren\u2019t cyber aware enough to know a threat when they see them or they\u2019re engaging in risky behaviour themselves.\u00a0\u00a0<\/span><\/p>\n The key to fixing this is employee education. If your people aren\u2019t aware of which behaviours are harmful and risk a breach, they can\u2019t correct them. And it doesn\u2019t have to be complex or require a computer science degree. Even the most basic education on proper cyber hygiene, using secure passwords, for example, could mitigate most of the risks hospitality firms face.\u00a0<\/span><\/p>\n Looking to improve your cybersecurity but not sure where to begin? Start by getting certified in <\/span>Cyber Essentials<\/span><\/a>, the UK government scheme that covers all the fundamentals of cyber hygiene.<\/span><\/p>\nWhat are the risks?\u00a0<\/b><\/h3>\n
DDOS (distributed denial of service) attacks<\/strong><\/h4>\n
Human error<\/strong><\/h4>\n
DarkHotel<\/strong><\/h4>\n
What evidence is there of the risk to cybersecurity in hospitality?\u00a0<\/b><\/h3>\n
Why is hospitality under attack?\u00a0<\/b><\/h3>\n
\n<\/span>
\n<\/span>A breakdown of hotel data breach areas revealed that 64% of breaches occur via corporate internal networks and 18% in both e-commerce and at point of sale. This suggests that the problem in hospitality is largely one of employee education and poor cyber hygiene.\u00a0<\/span><\/p>\nSo is contact tracing safe for customers and businesses?\u00a0<\/b><\/h3>\n
What can be done to improve cybersecurity in hospitality?\u00a0<\/b><\/h3>\n
\n