In a sector where reputation is everything, hotel IT directors face a constant battle to keep guests and their assets safe. In 2015 the hospitality sector was named one of the top three industries most frequently targeted by cybercrime according to the Trustwave Global Security report.
Considering the amount of data that hotels hold about their guests, from passports to credit card and contact details, it’s no surprise that they are sitting targets for cybercriminals. Around half of all cyber attacks involve theft of credit card data and personally identifiable information.
And hackers are becoming ever more adept at exploiting new technologies to their advantage. The interconnection of hotel systems means they can gain access to door locks, heating and air conditioning systems, electrics, plumbing and other key structural and physical parts of the hotel. That’s in addition to the financial structure.
Take the case of the hotel in Austria where hackers last year targeted the electronic key system, locking the hotel out of its computer system and preventing staff from accessing the reservation system. At the time of the attack, the hotel was using swipeable key cards. Hackers demanded a ransom request of two bitcoins to return access to the electronic key system. The hotel has since returned to using traditional keys.
In 2015, many well-known hotel chains including Hilton Hotels, Hyatt and Starwood reported credit card security problems. Payment Card Industry (PCI) guidelines help hotels protect credit card data vulnerabilities. The standards apply to all hotels that use credit card transactions, regardless of the size of the transactions. Compliance involves keeping and managing logs and can involve costly overheads.
External threats aside, hotels have to be on alert for malicious insider threats that are far harder to detect. With their armies of staff with a high turnover, they need to be on guard for employees who can do much more damage than rifling through guests’ physical belongings. Sub-contractors, affiliates, partners and third-party providers also often have insider access to a hotel’s customer database, exposing the organisation to additional risks of data breaches and leaks.
When staff have legitimate access to sensitive guest information, including credit card data, a malicious action is not easy to identify from regular work routine.
Malice aside, there’s also the perennial problem of human error. Inadvertent security breaches can and are made by staff out of carelessness or a lack of security training.
Insider attacks can cause huge damage to a hotel’s reputation and remediation of such attacks can cost a fortune. If you’re a hotel IT director, It is important to make insider threat prevention and detection a part of your security strategy and make sure that you have an incident response plan ready.
Transputec has many years of expertise in providing services and cutting edge solutions to the hotels sector. Our award-winning detection and monitoring tool, ThreatSpike, will ensure that your hotels’ systems and information, as well as that of their guests, is protected at all times. ThreatSpike offers an immediate assessment of network vulnerabilities. At the core of its service is a sophisticated monitoring tool that plugs into your core network and starts analysing traffic in real time, using big data and algorithms to identify suspicious or unusual behaviour. In addition, ThreatSpike and our Cybersecurity as a Service will ensure that you are PCI compliant without needing to implement complex processes or costly overheads.
If want to get a free analysis of whether you are at risk, please get in touch and we can help to find a solution for your network.