Research by cybersecurity and managed security services provider Trustwave sheds light on the distinctive threat of cybersecurity which looms over the hotel industry.
Hotels already have to manage physical security concerns, which oftentimes are breached through the accessibility of physical hardware. This issue has reared its head in recent lawsuits against hotel chains wherein guests have been attacked in their rooms due to break-ins.
On top of this, given the sheer breadth of the hotel industry and its operations, its cybersecurity threat landscape is especially vast, complex, and critical.
Some hoteliers have necessarily invested in cybersecurity technologies, including Accor, Hilton, and Marriott International.
But the threat grows ever stronger. The attack flow utilised by hacker groups includes brute forcing, exploiting known vulnerabilities and attacking exposed open ports.
Concerningly, cybersecurity hiring activity decreased by 19% in the travel and tourism industry in Q1 2023, indicating passivity within the industry.
What can hotels do to improve cybersecurity?
GlobalData’s travel and tourism intelligence points out that as hotel booking processes become more digitalised and more personal data is shared online, the exposure to security threats continues to increase.
Wi-Fi networks are also a point of concern, given the substantial volume of network users in hotels. Organisations must operate under the assumption their networks are highly susceptible to attacks due to the sheer number of users. This leads to hesitancies to deploy patches and configuration changes that might have an adverse impact on day-to-day operations.
Given the growing sophistication of attacks, simply thoroughly investigating cybersecurity strategies in the aftermath of a cyberattack or focusing on meeting compliance obligations will not suffice, it will only lead to an endless cycle of spending.
Cybersecurity should involve contingency planning, outlining the immediate actions and post-breach responses a company should take if a cyberattack occurs, and understanding a company’s current level of cyber risk.
Data is most secure when all companies across the travel and tourism value chain invest in all layers of the cybersecurity value chain.