The hospitality business is a profitable target for cyberattacks: hotels, casinos, and restaurants are attractive to cyber thieves because they frequently handle large volumes of financial transactions containing client information. Unlike banks and insurance companies, which handle similar information, restaurants and resorts aren't bound by regulations to maintain the maximum safety standards; moreover, they don't have the resources to develop optimal cyber defenses. It's therefore not surprising that the hospitality industry ranks highly in the "Data Breach" listing.
The hospitality industry, restaurants, and casinos have been experiencing a crisis in cyber defense for a long time. Let's look at the most resonant cases (including phishing attacks, hacktivism, malware, and identity theft) that have occurred over the past few years.
2016: Kimpton Hotels and Restaurants
Malware on point of sale
Kimpton Hotels and Restaurants, part of the InterContinental Hotels Group (IHG), declared that its payment terminals had been compromised by malware. As a result, guests' credit card information might have been exposed. Later on, the company identified and removed the malicious software that took credit and debit card details. But who knows whether it was already too late.
2017: InterContinental Hotel Group
Remote installation of malware on point-of-sale
InterContinental Hotels Group Plc (IHG.L) claimed that 1,200 hotels in the United States, including Crowne Plaza and Holiday Inn, were victims of a cyber attack that lasted 3 months. During that period, cyber thieves attempted to steal customer payment card data. An investigation conducted by an independent cyber defense team revealed that the criminals were able to install malware on the servers that the hotels' payment card processing systems relied upon. The malware collected the data contained in credit card tracks, such as card numbers, cardholder names, and verification codes. Such information may well be used to make fraudulent payments through cloned cards.
2018: Marriott International Hotel Chain
The Marriott International Hotel chain faced an enormous security breach. Sensitive data of 500 million hotel guests globally was stolen and exposed.
The compromised information included details of credit cards, passports, and birthdays. As of 2018, it was among the biggest data breaches reported in the media. The most frightening fact about this story is the length of time that the criminals had access to the network: about 4 years.
Cyber analysts discovered weaknesses and vulnerabilities when the Starwood reservation system was merged with the Marriott chain.
Lessons we learned
As we can see from the cases above, many cyber attacks against the hospitality industry follow a common pattern: malware or a virus sent via e-mail.
The Marriott resort chain might have been alerted to unusual access activity even prior to the Starwood merger. Using automated analysis tools, organizations could ascertain whether the original source of the attack was external or internal. Automated detection of suspicious links that are not easy for people to spot would have averted the malware in the Kimpton hotel incidents. Smaller hospitality companies with limited human resources need to invest in highly automated artificial intelligence and machine learning options that can imitate specialist analysts and operate around the clock to restrict unauthorized remote access, enhance network security, and protect against infiltration of IoT devices and systems.
The question of regulation remains unresolved. Given the huge volume of financial transactions and their exposure through millions of travel websites, it's the right time for the hospitality industry to be regulated at the same level as the financial industry.