As technology has evolved, so too has cybercrime. Tony Toutoungi delves into the world of cyber security, examining the various threats and how hotels can prevent data theft.
I hate to be the bearer of bad news, but over the past few years, the industry’s most best-known brands have all fallen prey to cybercrime. This includes the Marriott’s 5.2 million guests, whose personal and financial information was leaked to a data thief posing as the company’s CEO.
What is cyber security?
The term cyber security is used to refer to the methods and practices that aim to defend devices, networks, servers, electronic systems and all kinds of data from ill-intended attacks.
In today’s business environment, information is the most valuable asset. That is why many hackers and attackers aim to steal your information, and they might even shut you out of your devices and systems while doing so.
Cyber security practices often involve the use of a tool or software, such as antivirus programs, firewalls, anti-malware software and such.
What kinds of threats target the hospitality industry?
In the past few years, we have witnessed many hotels being the victims of cyber criminals. Such incidents lead to serious data leakages and hurt the reputation of the organization. After all, we would never revisit a facility that failed to keep sensitive information safe from hackers.
Customer data/identity theft: When booking a hotel room, we share some of our most sensitive data: name, address and payment information. That is why most hackers try to steal customer information from hotels using malware, computer viruses and social engineering methods.
Phishing: The term phishing refers to the techniques used to deceive and convince professionals to leak information. The most popular phishing techniques include fake web pages, phone calls, text messages and e-mails that appear to be from a genuine source.
In recent years, this threat has become increasingly sophisticated, with attacks targeting those in authority. The aim is to take over a user’s email account to send bogus emails to colleagues. These emails often attempt to persuade recipients to authorize transactions.
Darkhotel hacking: In recent years, this threat has become increasingly sophisticated, with attacks targeting those in authority. The aim is to take over a user’s email account to send bogus emails to colleagues. These emails often attempt to persuade recipients to authorize transactions.
The most famous recent ransomware attack, WannaCry, simultaneously targeted countries and businesses all over the world. It posed a real threat by taking information and certain systems hostage.
Distributed Denial of Service (DDoS):
This is the hack of choice for those looking to target a wide array of systems hotels use. Sprinkler systems and security cameras are vulnerable to hijack. After security is undermined, entire computer systems can be made to come crashing down. Cybersecurity for hotels should always include a process to mitigate any compromised systems should they be affected in a DDoS attack.
Point-of-sale/payment card attacks
Point-of-sale attacks pose the biggest threat to the hotel industry as a whole. Rather than attacking the hotel itself, they are a third-party crime, meaning they attack the vendor.
Cybersecurity issues of this nature often result in customers being out of pocket and the media getting involved. Furthermore, there could be financial implications for the business. One example of this was MasterCard billing an unnamed establishment for USD 1.4 million, while Visa billed around USD 500,000.
Cybersecurity training for employees
Cybersecurity issues of this nature often result in customers being out of pocket and the media getting involved. Furthermore, there could be financial implications for the business. One example of this was MasterCard billing an unnamed establishment for USD 1.4 million, while Visa billed around USD 500,000.
