It’s exciting to see how advances in technology can make travel experiences easier. But progress in the hospitality world has a dark side.
According to a new report from Trustwave Spider Laboratoriesa company whose goal is to keep businesses around the world ahead of security threats.
Many have already faced problems. Thirty-one percent of hotel providers reported experiencing data breaches, the report said, citing Cornell University and Freedom Pay. This type of breach costs businesses an average of $3.4 million – and the cost isn’t just monetary; a breach can also damage a company’s reputation.
In an industry where customer satisfaction and reputation are paramount, ensuring security while delivering cutting-edge technology is a delicate balancing act.
Kory Daniels – Trustwave
The hospitality industry faces a “complex security landscape with distinct challenges,” Kory Daniels, Trustwave’s chief information security officer, said in a statement, adding that the environment stems from things like “the adoption of contactless technology and the constant turnover of customers and employees. »
“In an industry where customer satisfaction and reputation are paramount, staying secure while delivering cutting-edge technology is a delicate balancing act,” Daniels said. “Our latest threat briefing is a valuable resource for hospitality security managers, providing a comprehensive view of the threats observed by our SpiderLabs team, along with specific mitigation strategies to bolster defenses.
Although the report is new, the threat to the hospitality industry is not. Widely reported violations to which Marriott International, Choice Hotels And Sounder who have been victims reflect the challenges facing the industry. PhocusWright published a report last year revealing that digital fraud attacks increased by 156% over the previous year.
“The travel industry operates in an environment where many potential points of failure make preventing and detecting cybersecurity breaches much more difficult than other industries,” said Robert Cole, senior research analyst for accommodations. and leisure travel at Phocuswright, when the report was released. .
Here’s what travel professionals need to know about cybersecurity risks and how specific technologies — some of which are trending — are creating more risk, according to the new report.
What are the cybersecurity risks in the hotel industry?
A number of factors put the hospitality sector at risk when it comes to cybersecurity, as the Trustwave SpiderLabs report highlights:
- An ever-changing workforce: A “seasonal and less sophisticated workforce” in the hospitality industry means it’s difficult to maintain consistent cybersecurity training.
- Users, Guests: An ever-changing audience of users can strain a property’s bandwidth, while exposing its networks to attacks from malicious actors.
- Work Environment: Unlike office buildings, hotels are accessible to customers and others who may be responsible for a breach.
- Franchise: Since many hotel brands are franchised, they may face additional security risks when franchisees adopt different business models, creating a security inconsistency.
How Generative AI and LLMs Could Increase Risk
Given these inherent vulnerabilities in the hospitality industry, new technologies that can play a vital role in advancing the industry can also increase existing levels of risk.
Subscribe to our newsletter below
Artificial intelligence – including Generative AI And large language models (LLM) – has made headlines questioning its place in the future of travel. And Trustwave SpiderLabs predicts it will continue to become a bigger part of the industry as chatbots and language translation methods are implemented to improve the traveler experience.
But generative AI has the ability to store lots of information, including guest data. If exposed, this data could be used by cybercriminals to commit identity theft and other crimes. LLMs make it easy to customize these attacks.
Trustwave SpiderLabs advises using security tools or partners capable of detecting advanced phishing measures, controlling supply chains, monitoring all AI systems used and implementing in-house protocols to limit the risks.
How contactless technology increases risk
Like generative AI, contactless technology (mobile payment, mobile check-in, mobile reservations) has become increasingly popular after the pandemic.
This involves a lot of stored data and the risk of a complete system shutdown due to the interconnectivity of hotel systems if cybercriminals break into a company’s system. Some of these attacks could come from phishing emails containing malware.
Among measures to mitigate risk, Trustwave SpiderLabs advises implementing permanent security policies, performing regular vulnerability testing, ensuring servers are behind a firewall, and disabling access to the Internet if it is not a priority for certain devices.