The average cost of data breaches in the hospitality industry was around $1.72 million in 2020. Hospitality includes Food & Beverage, Lodging, Recreation, Travel & Tourism and Meeting & Events industries. Simultaneously, the increased use of technology in the hospitality industry became prevalent, whereby businesses began deploying IoT devices, interconnected networks, digitalized services, etc. Unfortunately, the deployment of emerging technologies marked an increase in cyberattacks in the hospitality industry. The recreation industry relies on SCADA controls to operate ski lifts, gondolas, water parks and many other systems that entertain visitors.
Although organizations in the hospitality industry invest in the latest technology, their cybersecurity infrastructures are still far behind, making them a large target. Many hotels do not have dedicated cybersecurity policies to ensure that their systems are patched and protected with antivirus or anti-malware tools.
Unfortunately, the evolution of the cyber threat landscape and the sophistication of attack vectors point toward a future where even a minor vulnerability can bring catastrophic consequences to the organization. From phishing, ransomware, DDoS, vulnerable POS systems, and security gaps in partners to providing cybersecurity training to employees, organizations in the hospitality industry must consider everything to improve their security posture.
The expansive database of the organizations in the hospitality industry containing sensitive personal information of guests is the primary reason that makes them lucrative targets for cybercriminals. Additionally, the volume of financial transactions, loyalty programs, and geographical expansion are also significant reasons behind cyberattacks on the hospitality industry.
Hotel chains with distributed enterprises have a large attack surface with global customer bases. Cybercriminals target high-value enterprises because of the large attack surface and wealthy customers. Stealing these cardholders’ identities and payment information is like hitting the jackpot. Breaching one property in a centralized network gives access to the entire chain.
Moreover, untrained hotel staff with limited knowledge of cyber threats and cybersecurity best practices also create vulnerabilities. Because they constantly interact with guests, management, and the systems, their lack of cybersecurity awareness can unintentionally turn them into threat actors. Unchecked staff access can compromise the security of the network. In addition, many organizations in the hospitality industry have yet to take cybersecurity seriously. As a result, the lack of proper cybersecurity infrastructure and other vulnerabilities make them potential targets.
The hospitality industry has undergone numerous changes, especially in a post-pandemic world. Various hotel chains across the globe are digitalizing themselves completely to gain a competitive advantage. However, they forget the necessity of robust cybersecurity to secure their digital ecosystem, resulting in cyberattacks and losses.
Here are the top five cyber threats in the hospitality industry:
- Phishing: Phishing is one of the most popular social engineering cyberattacks, with a high success rate. It tricks victims into revealing their credentials or downloading malware. One of the most prominent recent examples of a phishing attack in the hospitality industry is the Marriott Hotel Group incident, which affected around 5.2 million of its guests.
The lack of proper security awareness training for employees in the hospitality industry also contributes to the rampant phishing attacks. Cybercriminals target hotel owners or managers during busy periods so that the recipient takes action without scrutinizing the email thoroughly. Alternatively, hackers can lure guests into entering sensitive information or sending booking amounts to fake websites that appear almost indistinguishable from the real ones.
See: https://redskyalliance.org/xindustry/phishing-how-not-to-get-caught
- Ransomware: Hotels, restaurants, bars, and other businesses associated with the hospitality industry often use technology to upgrade themselves and enhance the customer experience. Although this streamlines business operations, it also increases the exposure of connected networks and computer systems. Cybercriminals use ransomware to encrypt data and cut off access. They not only steal the data or demand a ransom, but they also threaten to release it on the internet even after receiving payment. The 2017 ransomware attack on the luxury Austrian hotel Romantik Seehotel Jaegerwirt was eye-opening: it locked guests and hotel employees out of guestrooms until the hotel management paid the ransom.
See: https://redskyalliance.org/xindustry/sans-ransomware-prevention
- DDoS and botnets: Distributed Denial of Service (DDoS) attacks render an online service unavailable by overwhelming it with a massive volume of traffic from multiple sources, resulting in significant damage. Hotels are particularly vulnerable to DDoS attacks, as these attacks can shut down the official website and the hotel’s online booking or billing system. Using botnets, hackers flood critical systems with traffic, causing systems to crash and shutting down numerous devices across the hospitality environment. They can further use these compromised devices to disrupt other systems on the infrastructure.
See: https://redskyalliance.org/xindustry/ddos-attacks-intensified-in-2020
- Third-party suppliers’ vulnerabilities: The hospitality industry outsources numerous technologies such as payment solutions, CRMs, apps, etc. Developing these technologies in-house is time-consuming, whereas outsourcing speeds up development and deployment. However, outsourcing carries security implications: hotel owners often overlook the security posture of the third-party vendor. Poor cybersecurity infrastructure at third-party vendors often leads to cyberattacks that infect the hotel network. Before signing the deal, hotel owners must evaluate the vendor’s solution, deployment, vulnerability testing, software updates, and cybersecurity policies or practices for handling a cyberattack.
See: https://redskyalliance.org/xindustry/supply-chain-threats-will-increase-in-2021
- Point-of-sale system attack: Point-of-sale systems or machines directly access sensitive information such as credit card details or personal data received through the payment processor gateways. Even in the face of technological advancement, POS systems are still the weakest link in the electronic payment system. As per a report, 60% of restaurant breaches result from POS intrusions. Cybercriminals use malware infections to target POS terminals. Outdated software, weak passwords, insecure remote access, and improper configurations are common reasons for cyberattacks on POS systems in the hospitality industry.
See: https://redskyalliance.org/xindustry/credit-card-numbers
Although digital transformation has helped the hospitality industry offer convenience to customers, it has opened up the network for cybercriminals. As a result, organizations in the hospitality industry must be aware of cyber threats and prepare to protect their network in advance. Although organizations in the hospitality industry are focused on revenue-generating operations, it is equally important to engage with trusted cybersecurity experts knowledgeable in detective, preventive, and corrective cybersecurity countermeasures. From implementing policies and cybersecurity best practices to upgrading the corporate networks, training employees, and creating incident response plans, organizations must cover every vulnerability and increase security resilience before malicious actors compromise them.
Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization. For questions, comments or assistance, please contact the office directly at 1-844-492-7225, or feedback@wapacklabs.com
Reporting: https://www.redskyalliance.org/
Website: https://www.wapacklabs.com/
LinkedIn: https://www.linkedin.com/company/64265941
Weekly Cyber Intelligence Briefings:
REDSHORTS - Weekly Cyber Intelligence Briefings
https://attendee.gotowebinar.com/register/3702558539639477516
Article: TR-22-208-001.pdf