With an increasingly complex cybersecurity landscape, it seemed appropriate to speak of cybersecurity in one of the most vulnerable sectors, hospitality. 2020 saw a massive release of stolen credentials and breached hotel systems. Choice Hotels lost more than 700,000 customer records to online criminals and Marriott hotels were fined £ 100 million for their 2018 violation. In 2020, hotels will remain a target for cybercriminals, as the amount of information they store it is a potential gold mine for online criminals. Today, it is more important than ever for hotels to start interacting with cybersecurity solutions to ensure that they protect themselves and their guests.
1. What Are The Main Threats Hotel Cyber Attack?
1. Phishing
Simple attacks are almost always the most effective and require little effort on the part of an attacker. Phishing has been a well-known term among cybersecurity professionals for years, and such attacks have generally been easy to detect. However; Phishing has become increasingly sophisticated and it has become increasingly difficult to identify malicious emails. More and more hotel managers and owners are under special attack, and attackers time to launch an email to coincide with busy periods, hoping that the recipient will take a request quickly and without much thought.
2. Ransomware
Ransomware has been a persistent threat for several years and takes advantage of the fact that many hotels do not have dedicated technical support to ensure systems are consistently patched and protected with anti-virus and anti-malware tools. Ensuring robust patch management along with robust anti-malware controls is vital to any business; not just hoteliers.
3. Point of Sale Systems (POS)
One of the things that will surely attract the attention of any company is the violation of a POS system and the subsequent loss of customer payment data. Many hoteliers do not understand the level of responsibility they may have to accept in the event of default and that is only from credit card providers, regardless of the Information Commissioner's Office (ICO).
POS systems are generally attacked because they are typically serviced by third parties who are unlikely to update their systems regularly or provide any significant level of configuration security; often using the default settings and authentication.
4. Internal Threat
It is not pleasant to think that your employees may be working against you, but it is very common. From simply taking the documents to be used in a new job, to getting the credit card details of the guests, the internal threat is very real and must be taken seriously. Staff will often have access to guest records and cleaning crews will have direct access to rooms and belongings. Hoteliers should consider which third parties have internal access to their systems and data, as well as employees. Having a solid incident management plan that covers insider threats is vital.
5. Guests
Hotels see a wide variety of guests, spanning different age groups, cultures, and political persuasions. As a hotel owner/operator, you never know who will stay with you. Internet access is no longer a luxury, but an essential element for most guests. However, hoteliers must ensure that access is controlled; monitored, and safe. Hotels can be responsible for whatever their guests do while using their network. It is also vital to ensure that a guest's wireless network is segmented from the corporate network. If you don't, guests can easily browse the networks and possibly see systems and data they shouldn't be seeing.