The hotel industry has suffered multiple threats in the past couple of years, one of the main being compromised cybersecurity. Hotels seem to be under attack from all angles, as the industry’s most well-known brands have all fallen victim to cybercrime. Brands are investing bigger sums and researching intensively in order to make sure they’ve done the legwork and laid out the preventing protective measures against all potential cyber attacks. Despite these defensive courses of action, threats are still out there and these are the top 6 that might still take place in your hotel.
- Phishing attacks
The sending and receiving of emails that seem to have a valid, genuine source is what phishing refers to. The person using this method intends to persuade the recipient that they should share personal information. This often means passwords, social security numbers, credit card information etc. Phishing attacks are internet criminals’ oldest trick in the book. Recent years have shown more sophistication in the performance of these attacks, with the targets being authority figures. The aim of these attacks is to gain access to a user’s email account and then take over by sending fake emails to colleagues, thus attempting to convince recipients to authorize financial transactions ordered from above.
The most recent case of ransomware attacks happened simultaneously to numerous countries and businesses all over the world, the latest being WannaCry. It posed a serious threat, as it took over information and certain systems hostage with the intent to gain financially. The goal is to make the victims pay the demanded figure in order to liberate their data or systems that have been contaminated. Your hotel might be at high risk from these types of cybersecurity failures that allow the occurrence of this type of attack. Hotels that fell victim to ransomware attacks in the past have paid large sums to hackers to be able to create electronic keys and let guests into their rooms.
Distributed denial of service attack or DDoS is another form of a very unpleasant attack used to target hotels across the world. It is considered one of the most potent weapons used by hackers and when you hear the phrase “brought down by hackers”, this usually means this type of attack took place. When utilizing this scam, hackers tend to flood or crash the websites or computers with too much traffic, thus attempting to make them unavailable or inoperable. By overwhelming the website or an online service with traffic that can involve messages, requests for connection or fake packets, hackers give the server more that it can accommodate. Hotel cybersecurity should include in any event a process that can mitigate any compromised system, should it fall victim to a DDoS attack.
- Payment Card Attacks
Point-of-sale attacks seem to be one of the biggest threats to the hotel industry nowadays, seeing that rather than attacking the hotel itself, they attack the vendor, making this type of attack a third-party crime. A third-party crime implies that there is a weakness in the system revealed by human error, which makes data breaches that affect payment cards and customer information possible. Cyber security attacks of this nature result in customers being out of pocket, but also with media involvement, which results in bad press for the hotel. Additionally, there could be financial implications for the business that might damage the reputation of the hotel. Due to data sensitivity, breaches associated with PoS attacks should be approached with the readiness to react as quickly as possible and notify the affected parties and authorities immediately in order to take appropriate actions.
- DarkHotel Hacks
The term DarkHotel is a relatively new one and it usually involves criminals using hotels Wi-Fi to target their business guests. These types of attacks typically use forged digital certificates in order to convince victims that a certain software download is secure. To enable this action, the attackers upload a malicious code to a hotel server after which the targeting of specific guests can take place. The first example of DarkHotel hacking was documented in 2007 and derived from a peer-to-peer network and spear-phishing con. In order to prevent these hacks, be sure to encourage guests to use virtual private networks or VPNs if they plan to conduct business with sensitive or confidential data.
- Customer data – identity theft
The protection of identity and personal information of customers is of utmost importance for the success of any business and the hotel industry is no exception. Hoteliers report a large number of hackings surrounding guest information, which further underlines the importance of network/cyber security. There is always a certain number of criminals aiming to steal identities and credit card data all around the world. Unfortunately, as the security measures adapt, so does the crime. In order to protect both the data and the network, be sure to inform yourself and your staff about the possible fraudulent schemes and equip your hotel properly to secure your reputation, but most importantly, the safety of your guests and their personal information.