{"id":6918,"date":"2021-03-23T11:26:57","date_gmt":"2021-03-23T11:26:57","guid":{"rendered":"https:\/\/cybersmart.com\/?p=6918"},"modified":"2021-03-23T14:30:04","modified_gmt":"2021-03-23T14:30:04","slug":"cybersecurity-in-hospitality-a-growing-issue","status":"publish","type":"post","link":"https:\/\/cybersmart.com\/blog\/cybersecurity-in-hospitality-a-growing-issue\/","title":{"rendered":"Cybersecurity in hospitality \u2013 a growing issue?"},"content":{"rendered":"

COVID-19 has brought with it a notable rise in attacks on all businesses. <\/span>Research from Deloitte<\/span><\/a> reveals that the last 12 months have seen a sharp increase in ransomware, phishing attacks and attempted hacks.\u00a0<\/span><\/p>\n

But there\u2019s one industry that\u2019s right on the frontlines of the fight against cybercrime: hospitality. Why is the industry so at risk? And what can be done to improve cybersecurity in hospitality?\u00a0<\/span><\/p>\n

What are the risks?\u00a0<\/b><\/h3>\n

While hospitality businesses face many of the same cyber risks as other industries, they\u2019re also at risk from a few that are fairly unique to the sector.\u00a0<\/span><\/p>\n

There are the risks associated with the <\/span>contact tracing<\/span> requirements for COVID-19 that every hotel, bar or restaurant has to abide by. But there are also a few other threats that particularly impact hospitality:\u00a0<\/span><\/p>\n

DDOS (distributed denial of service) attacks<\/strong><\/h4>\n

The CCTV and surveillance systems many hotels and restaurants are reliant upon for customer safety are particularly vulnerable to this type of attack.\u00a0<\/span><\/p>\n

Human error<\/strong><\/h4>\n

With staff often handling dozens of transactions in a day and constantly juggling tasks, the risk of human errors that lead to breaches is high.\u00a0<\/span><\/p>\n

DarkHotel<\/strong><\/h4>\n

DarkHotel is targeted spear-phishing spyware that attacks high-profile business customers through the hotel’s in-house <\/span>WiFi<\/span> network.<\/span><\/p>\n

Alongside these threats, phishing and ransomware attacks are also very common amongst hospitality businesses.\u00a0<\/span><\/p>\n

What evidence is there of the risk to cybersecurity in hospitality?\u00a0<\/b><\/h3>\n

Unfortunately, we\u2019re not short of evidence on the risks to the hospitality sector.\u00a0<\/span><\/p>\n

In the last few years, hospitality only ranks behind fiance and retail as the industry most targeted by cybercriminals. In 2018 alone, almost 514 million hotel data records were stolen or lost worldwide. The trend continued throughout 2020, with both<\/span> Mariott <\/span><\/a>and <\/span>Prestige Software\u2019s<\/span><\/a> Cloud Hospitality platform both suffering massive breaches.\u00a0<\/span><\/p>\n

Why is hospitality under attack?\u00a0<\/b><\/h3>\n

Like most industries regularly attacked by cybercriminals, hospitality is seen as an easy target. A <\/span>recent study into hacker forums<\/a><\/span>\u00a0revealed that hospitality chains Hilton and Marriott were included in 31% and 28% of mentions respectively in discussions on easy targets.\u00a0\u00a0<\/span><\/p>\n

What\u2019s more, it\u2019s borne out by the figures. To date, 423 million U.S. travellers have been victims of a cyberattack through their business with hotels. And <\/span>70% of hotel guests<\/span><\/a> believe that hotels don\u2019t invest enough in cybersecurity protection.\u00a0<\/span><\/p>\n

70% of hotel guests<\/span> believe that hotels don\u2019t invest enough in cybersecurity protection.\u00a0<\/span><\/p><\/blockquote>\n

So what\u2019s going wrong?<\/span>
\n<\/span>
\n<\/span>A breakdown of hotel data breach areas revealed that 64% of breaches occur via corporate internal networks and 18% in both e-commerce and at point of sale. This suggests that the problem in hospitality is largely one of employee education and poor cyber hygiene.\u00a0<\/span><\/p>\n

So is contact tracing safe for customers and businesses?\u00a0<\/b><\/h3>\n

With the adoption of contact tracing throughout the hospitality industry during the coronavirus pandemic, hotels, restaurants and bars have become a target. This is partly down to their large databases of customer information, but it\u2019s also due to the relatively weak cybersecurity employed by most.\u00a0<\/span><\/p>\n

Using the COVID-19 Guardian tool, cybersecurity experts assessed 40 contact tracing apps around the world to be of risk to users. 72.5% of these apps had a least one insecure cryptographic algorithm and 75% contained a tracker that sent data to third parties.\u00a0<\/span><\/p>\n

72.5% of contact tracing apps have a least one insecure cryptographic algorithm<\/span><\/p><\/blockquote>\n

However, it\u2019s worth noting, despite the risks, all of the apps save Kyrgyzstan\u2019s \u2018Stop COVID-19 KG\u2019 were free of malware. We\u2019ve written at length about why the benefits of contact tracing far outweigh the risks <\/span>here<\/a>. B<\/span>ut, in short, the privacy concerns relating to contact tracing are relatively minor and should be easy to iron out.\u00a0\u00a0<\/span><\/p>\n

What can be done to improve cybersecurity in hospitality?\u00a0<\/b><\/h3>\n

The good news is that the current baseline for security levels in the industry is low. This means that achieving better protection is relatively simple.\u00a0<\/span><\/p>\n

Simply put, hotels, bars, and restaurants need to be better at the basics. This might sound easier said than done. After all, hospitality businesses tend to be populated by staff with great people skills, not cybersecurity experts.\u00a0<\/span><\/p>\n

However, the five technical controls laid out in the Cyber Essentials certification process don\u2019t require expertise and would dramatically improve most businesses\u2019 security. These are:\u00a0<\/span><\/p>\n