British Airways and Marriott International are two major hospitality companies that have fallen victim to high-profile breaches in recent memory. They serve as a stark reminder of the heavy costs faced when the safety of customers’ data is compromised.
With global business fighting relentlessly to survive against the chaotic threat of the Coronavirus, all industries are exposed to criminal cyber-threats, and so the security of highly sensitive data must be handled appropriately.
Against this backdrop, the stage is clearly set for business leaders to consider how best to couple existing infrastructure with robust cyber strategies. No matter the size of the business, inefficient cyber support diverts crucial time from business activities and relationships with customers.
An industry-wide initiative is now an absolute necessity to ensure both SMEs and large hospitality corporates stand the best fighting chance to succeed in their cyber journey amid and beyond the global pandemic we face today.
Hospitality Data - A Hunting Ground
While financial services and the public sector have been forced to endure an endless stream of cybercrime, the hospitality industry has also become a prime target for hackers because of its rich database.
Worth billions of pounds, the hospitality industry is a perfect victim for cyber-criminals. Its make-up of luxury resorts and hotels alongside huge volumes of high net-worth individuals has fast become prey for hackers.
Consumer data is boundless, and consequently presents an increasing number of access points for hackers to exploit. Various technologies spread across operation lines are more susceptible to cyber-crimes. Every day, hotels gather millions of data points on customers who connect and use a variety of gadgets within the hotel’s premises.
Mobile phones, tablets and laptops connected to open networks become a hunting ground for hackers to harvest banking details through card payments.
Customer Excellence and Vulnerability
Hospitality is a leader in customer excellence: between providing the perfect stay and exceeding expectations, hotels continue to improve their digital offerings to customers. Providing high-speed Wi-Fi and connectivity to hundreds of visitors is no easy feat, as hotels run a number of endpoints and remote connections, with alarms, electronic doors and Wi-Fi systems all requiring common features. Sadly, this gives cyber-criminals easier entry to access key information and begin their attack.
Today, the systems used for various functions in a hotel’s back and front operations are manned by employees who are not yet well equipped to pick up on and counter large-scale cyber-attacks before it’s too late.
The root of this cyber crisis lies in the way hotels are hampered by disparate legacy systems and out-of-date software where breaches are ripe for the taking, particularly on hotels’ Point of Sale (POS) systems and through external vendors. Adding to this, hotels often outsource their customer IT connectivity but unfortunately forget to consistently monitor and audit suppliers’ security measures.
These burdens come into sharper focus when you consider the digital environment in which hotels are operating. Individual hotels are often connected to the organization’s national or international network, meaning only one hotel has to be breached before the entire company is at risk of hemorrhaging huge volumes of its data.
With a data trail that goes back years, highly sensitive information such as payment information, passport data and contact details could fall victim to cyber-attacks.
Arm yourself with cyber metrics
Too few organizations have had the opportunity to assess their risk appetite, let alone truly review what types of cyber threats their business is vulnerable to, before it's too late. Nobody sets out to design bad security infrastructure, but many years of decisions based on shortcuts have progressively created a dangerous level of weakness at the very heart of hospitality.
When a weakness is located, it creates real value for the business, as it enables a more refined and tailored strategy to be put together to improve its cybersecurity. Penetration testing is one of the most effective ways to carry this out, and it lends itself well to putting in place an architecture that evaluates how exposed assets are and the steps required to defend against vulnerabilities.
Incident planning
Most crucially, a cybersecurity strategy must include a solid plan for Business Continuity and Disaster Recovery in order to prepare for any worst-case scenarios. In the era of COVID-19, incidents of the worst kind are fast emerging and businesses deserve a fighting chance to succeed.
A cybersecurity leader positioned in the business can become a hugely valuable asset in creating a proactive policy to tackle such a challenging incident, where they would be able to carry out powerful damage-control to reassure customers and reinstate loyalty to the brand.
A united step forward in risk management
For businesses to feel empowered against today’s many challenges, a consistent approach to risk management is absolutely crucial. A CISO with the authority to carry out real change and impart strong governance across the business would be hugely valuable.
More robust governance measures would likely reduce costs as a result of fewer incidents. On top of this, a CISO function would ensure a proper evidence backlog is made available to any investigation in the event of a data breach.
The hospitality industry deserves to be equipped with the right armor to keep safe and survive the overwhelming threat of COVID-19. The implementation of regular penetration testing alongside an effective cybersecurity strategy will give way to a new era of understanding security weaknesses with the right tools to build up a resilient defense against them.
To ensure businesses are in the best possible position to compete during and long after the Coronavirus pandemic is over, both customers and employees need to be educated on the security measures on offer to feel comforted in this brave new business climate.