2017 Threat Assessment Guide for the Travel and Hospitality Industry

Media Division | May 2, 2017

Cyber attacks continue to become more and more prevalent in this day and age.  As we continue to increasingly implement technology in various areas and industries, cyber attackers launch their malicious barrages more fiercely.  There are several industries which tend to get more of the brunt when it comes to cyber attacks.  One that gets quite heavily targeted is the travel and hospitality industry, and we have already seen several attacks upon this industry this year alone.

There are several reasons as to why this industry is so frequently hit by cyber attacks.  One of the largest is likely that they hold a large amount of sensitive and valuable information, which is a treasure trove of illicit gains for cyber attackers. For instance, these types of organizations can hold information such as names, addresses, Social Security numbers, passport data, credit card data, and much more.  This can all be used by attackers for malicious purposes such as fraud, identity theft, or they could sell it on the black market for large amounts of money.

The Most Prominent Threats

Because of the above, these types of organizations face a large amount of threats.  They need to stay aware of the various types of threats that are frequently targeting their industry. The threat landscape alters and fluctuates each year, and the industry must stay on top of the threats that are currently of extant danger.

  • Ransomware – Ransomware continues to be a large threat for most organizations, but the travel and hospitality industry has already seen a multitude of these attacks even in just the few months of this new year. Ransomware is used to lock up their systems until they pay obscene amounts of money, with one hotel even being unable to make new key cards for guests due to their system being infected.
  • Third Party Vendors – When enlisting or partnering with a third party vendor, organizations need to review the cyber security of said vendor as well. A third party vendor that has access to an organization’s systems or networks can easily be a potential vulnerability when not properly secured. Abta, a travel trade organization, suffered a huge breach earlier this year as a result of a vulnerability with a third party vendor that handled their website.
  • Phishing – Phishing has consistently been a highly employed method to infect systems and networks with malware and other threats. It continues to be an extant method of attack this year as well.  There have already been several instances of hotels falling victim to phishing attacks this year.
  • Point-Of-Sale (POS) Exploits – POS systems are of course large targets for cyber attackers, as it allows them to purloin the details of individual’s credit cards. Attackers can use several methods to target these, but they often employ phishing attacks to attempt to gain access. The recent breach of Intercontinental Hotels Group involved a malware infection of their payment systems located at front desks, which affected around 1,200 hotels.

How to Benefit from a Security Threat Assessment

Of course, there are many other potential threats to this industry that need to be defended from as well.  The above can be implemented into a threat assessment checklist to ensure that all points are covered in regard to these threats.  A security threat assessment provides data in regard particular threats that are likely to be targeted at an industry, organization, type of data etc.  This way, any weaknesses to these threats can then be fortified.  For a more detailed approach, Massive Alliance offers comprehensive threat assessment services that can scour the web for various threats in different sectors.

Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.