Hospitality industry’s techtension: cyber attacks
The vulnerability of hospitality sector, was exposed when Marriott International disclosed the theft of 25 million passport numbers and 380 million unique guests’ information
No one would have a single ounce of doubt that by harnessing the full benefits of digitisation and embracing technology with open arms have put the hospitality sector on the global economic map. However, the doubt arises when we look at the by-product of digitilisation, technology and ‘going online’ – cyber attacks!
It is generally assumed that larger organizations perform better when it comes to securing their data. But the data suggests a different story. While many of these systems may be built and operated by commercial organisations, their importance to national defence can’t be underestimated. It’s vital therefore that, while the risks to data will vary from country to country, vital cyber-security measures are put in place to protect it.
Getting into the negative limelight
Every industry has its own share of threats looming over. Hospitality industry was rather unknown to the cyber bugs and was not a prime target; or so we assumed! The 2018 incident where Marriott International disclosed the theft of more than 25 million passport numbers and 380 million unique guests’ personal information was eye opener for the hospitality industry. Given the prevalence of breaches in the tourism & hospitality sector, PwC’s Hotels Outlook report, 2018-2022, reported it has having the second-highest number of cyber security breaches after the retail sector. The Trustwave Global Security Report of 2018 listed hospitality industry as the third most cyber attacked industry of the world.
By collecting highly sensitive, valuable and varied personal data of their customers, hotels are prone to cyber data breaches on a larger front. The luxury hotels now strive to give a more customised and personalised experience to their customers, in the process collects and stores their personal information. The large number of financial transactions done by the hotels involves executives, wealthy individuals and officials too. Loyalty programs, via which additional and repeated stays are encouraged, are much harder to detect. One doesn’t keep a check on the loyalty card as one does on the credit card status.
What goes wrong!
To put things straight, it is said that hotels are very vulnerable and easy to be breached. They basically survive in a very complex and vast interconnected digital environment with wide network of end points, connections and HVAC controls etc. So, while the hotel properties are competing with each other as to who would give the best of the best digital service to customers, a single technical mistake by anyone in the hotel industry will share the core and structural functionality of the hotels. A breach to the even home grown security network’s POS (Point of Sale) system will put the entire property under siege.
The “aftershocks” affecting hospitality businesses in the wake of data theft, can have repercussions. The hotel’s problems start with a loss of trust and therefore business by the guests who were affected, and go on to legal issues which could potentially lead to time and money consuming lawsuits. Additionally, the negative publicity would most likely have an impact on the hotel’s reputation and they could consequently suffer significant financial losses.
The hospitality companies need to
• Be hyper-vigilant! Primarly, accept the fact that anything can be breached. So, putting up measures to prevent cyber attacks from happening should be the foremost concern.
• Regular system checks and risk assessments always comes in handy. However, responding to a cyber attack as quickly as they occur without further damage should be the first response.
• A trusted strategic advisor with depth of experience in cyber security and breach prevention and resolution can always come up with the required cohesive top-to-bottom strategy.
• Setting up a full scale protection, recoginising adversary methodology could provide security to vulnerable networks.
The digital environment will only continue to grow in complexity, inevitably accompanied by an increase in scope and frequency of hotel cybersecurity threats, these best practices can better prepare you for a dangerous, volatile IT environment. Ensuring your hotel’s IT team is adequately prepared will prevent costly future threats to protect both your guests and organisation.
Indian Government have formed a national cyber co-ordination centre, and has framed national cyber safety and security standards, where the expert council can understand the possible and provide innovative ways and framework to tackle the increasing cyber threat faced by large countries like India. Apart from the guidelines, a working group of information technology, in 2013, set up the 6 top priorities for cyber-security including legal framework, security policies, compliance and assurance, security R&D, security incident and security awareness.
Hospitality businesses should be very concerned with the security of their data and strive to protect themselves and more importantly, their customers. It is all about protection and the DNA of every organisation, should include looking for potential threats, whether it is phishing, hacking, or any kind of vulnerability to make sure they are adequately protected. Unfortunately, for hoteliers, this crime is forever changing. When it comes down to cybersecurity for hotels, there is an almost perpetual arms-race to secure both data and networks.