Malicious Actors Reserving Cyber Attacks for the Hospitality Industry

Cyber attacks that lead to data breaches are becoming increasingly common in all industries, but there are certain types of businesses that are more vulnerable than others. The hospitality industry in particular is one of the most likely industries to be targeted by cybercriminals in addition to retail and finance.

It only makes sense that the travel industry would be such an enticing target for malicious actors. After all, how many industries do you know of that keep copies of full legal names for reservations, correspond with their customers via email for confirmations and store credit card information for months or even years in advance before an upcoming stay? Add this to the fact that cybercrime has risen drastically since the pandemic hit. It’s not hard to see why; 78% of cybersecurity professionals at companies have been taking additional safeguards this year.

In this article, we will discuss the significant risk facing travel businesses today and emphasize the importance of using technologies that remove risks and protect stored sensitive data. We’ll also touch upon what travel companies can do to tighten their cyber-security protocols and assure customers that their information is safe.

Why is the hospitality industry so vulnerable to cyber attacks?

Already hard hit by the coronavirus pandemic, hospitality companies must now deal with the increasing threat of cyber attacks that can hurt their reputation as well as lead to large fines from regulators. To keep up with customer demand, enhance convenience and foster a safer environment, many hotels have embraced technological innovations such as biometrics to speed up check-in processes and avoid the hassle of lost room keys.

Hotels with smart televisions that allow guests to log in to their existing streaming services are becoming more common as well as public Wi-Fi that is free for all to use. However, the more gateways guests can access to connect to different networks, the more surface area is created for potential cyber attacks.

Another reason that hotels are so vulnerable to cyber attacks is the fact that most guests are using the web to send their payments weeks or months before their planned trip. Large groups or conferences may send deposits worth tens of thousands of dollars to hotels prior to their big event, and cyber criminals can take advantage of this. Using phishing attacks, malicious actors can convince payroll departments to approve bogus money transfers, thus gaining access to systems through a bad link.

Furthermore, most large hotel chains have loyalty programs that store a guest’s name, address, phone number, credit card details and other personal information for long periods of time. Many hotels rely on continuous integration and delivery (CI/CD) pipelines to help automate the deployment of these loyalty programs, ensure that new updates are constantly released to customers, and reduce the amount of time they need to spend on manual testing.

However, the fact that most travel brands have locations spanning across the world and that some countries are known to have more cyber criminal activity than others makes hotels and airlines a prime target for malicious hackers.

When it comes to security, CI/CD can be used together to help enable software teams to address and implement cybersecurity functions, thus ensuring that new security updates are constantly made available to customers.

What are the top threats affecting the travel industry?

Threats to the travel industry are constantly changing as cybercriminals discover new vulnerabilities and workarounds for bypassing security responses. Here are some of the most common cybersecurity threats for the travel industry to be aware of:

Phishing

Malicious actors commonly send official-looking emails to employees or customers that entice them to click on a link within the message. This can come in the form of a phony confirmation email or a fake invoice from a vendor. Attackers can even make the email seem as if it came from a professional email address. This is referred to as spear-phishing because the malicious actor has done research on the typical types of emails your travel company sends and receives.

Ransomware

Every 40 seconds, a new business is targeted with ransomware. Recent studies show that nearly half of businesses hit with ransomware pay the ransom, but only 26% of those businesses actually have their files unlocked by the attackers. This is an especially popular form of attack for hotels due to the amount of sensitive data they store regarding their guests.

Distributed denial-of-service (DDoS) attacks

DDoS attacks are another favored method for cyber criminals to hurt the travel industry while reaping a large financial reward. Hotels and airlines rely on a wide array of networks to provide reservation, payment, entertainment and security systems.

Once a malicious actor gains entry into one of these networks, they can shut the entire operation down until they receive payment to put the system back up again. For large hotels and airlines, the loss of revenue that could result from operations being down for even a couple of hours makes paying a large price potentially worth it.

How can hotels and airlines keep guests safer from malicious actors?

To keep guests safe from cyber criminals, hotels should consider allowing guests to book reservations or log on to public Wi-Fi through pre-existing accounts such as a Google account or a Facebook account. Thankfully, there are many avenues that allow hotels and airlines to sync online payment methods with these accounts. This will cut down on the amount of times guests have to create new accounts and enter credit card details, keeping transactions more secure.

In-depth threat visibility enables travel organizations to know exactly where their threat level stands. Organizations should look for this along with automated compliance features. Another essential feature in your cybersecurity strategy is to ensure that your existing software and apps are integrated into your security plan for full safety and functionality.

It’s equally important that hotels use high-quality servers when providing internet service to guests. Unfortunately, most web hosts rely on low-quality servers, which makes them more vulnerable to security hacks. Lower-cost web hosts usually have servers with aging infrastructure that are not up to date with the ever-evolving threat landscape. The most secure servers will offer free SSL protocols, firewall protection, malware scanners, and DDoS prevention at the bare minimum.

Ultimately, companies in the travel industry need to rely on professional cyber security companies that can provide a custom-fit security solution tailored to their needs. A strategy that includes real-time threat detection is essential, especially when you consider that many businesses don’t realize they have fallen victim until several months into a cyber attack.

Conclusion

As you can hopefully tell by now, cybercrime is a serious concern for the travel industry. Fortunately, with a little help from cybersecurity professionals, travel companies can easily devise a proper cybersecurity plan that will alleviate worries and protect travelers.

While travel companies may be tempted to neglect allocating proper funds for a strong cyber security strategy, especially after revenue loss due to the pandemic, it’s a major mistake. Companies that do not take cyber security seriously may end up paying a much higher price in terms of bad publicity, decreased customer confidence, and lost profits.

About the Author: Gary Stevens is an IT specialist who is a part-time Ethereum dev working on open source projects for both QTUM and Loopring. He’s also a part-time blogger at Privacy Australia, where he discusses online safety and privacy.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.