Group items tagged

(1 of 2) "The hospitality sector has always been a popular target for cyberattacks." This is the first line of this Recorded Future article published in January. The article discusses breaches that happened for both Marriott and British Airways and how this is a regular occurrence in the industry as it is such a big target with so many possible points that can be attacked. While the statistics for the hospitality industry have improved greatly in the last decade, in 2019, they were still accounting for 10% of all breaches. Not only does a breach affect the way an organization operates, but also it also severely effects their bottom-line and takes quite a but of time for them to recover. "According to Ponemon's 2019 Cost of a Data Breach Report, the average hospitality data breach costs $1.99 million to contain, at a cost per record of $123. These high costs are due in part to the time needed to adequately respond to a breach. On average, it takes 200 days to identify a hospitality data breach and a further 75 days to contain it." The article continues by stating that hackers are typically seeking payment card data when compromising the hospitality industry.

(2 of 2) The article then discusses the many reasons why it is so difficult for hospitality-oriented companies to secure their assets versus other organizations of similar stature. Some of these reasons include the large, complex networks which are typically publicly accessible and contain many customers in the databases, the fact that customers are always onsite and so are attackers, the high turnover leading to inconsistent training and sharing of credentials, franchisers owning the responsibility of security yet not knowing much about it, and the risk associated with all of the various third parties the hotels do business with. While intelligence has come a very long, "security professionals in the industry are tasked with defending highly complex networks with many endpoints against a constant barrage of attacks and a constantly churning workforce… [AND] they have limited security resources to work with." Comprehensive security intelligence systems are now capable of protecting many aspects of the organization. Some of these updated features include responding rapidly to security incidents, blocking online brand abuse and impersonation, managing third-party risk, reducing breach containment times, and better allocating security resources. Property data security is so important to the hospitality industry. If a business does not take the proper precautions to protect their systems and their customers, then it could lead to a devastating event for the business. While security intelligence has progressed within the last decade, a business needs to make sure that they have chosen a reliable agent to partner with who will produce consistent service. If the business keeps up with their system updates and protections, they should not have to worry about their security system failing.

According to this article, the hospitality industry has one of the highest numbers of security breaches. Due to the nature of the business, credit card fraud and identity theft crimes seem to be an ideal target for cybercriminals. Humor error, high turnover rate, and insider threats are just a few primary factors for security breaches within the hospitality sector. The consequences of data breaches can have a long lasting impact on the company, including, customer trust, tarnished brand reputation and legal and financial problems. As we all know, hotel owners and operators do not want anything to impact their revenue. Encryption of credit card information, operating a continuous training program in cybersecurity, adhering to relevant regulations, using firewalls, and a detailed response plan in the event that a data breach should occur are a few practices the hotel sector can implement to mitigate a cyber attacks.

The recent cyberattack at Marriott International Inc. has many hoteliers wondering what are the legal and business risks associated with security attacks? The recent breach at Marriott further proves the point that businesses should prepare now or be willing to pay for it later. In November 2018, the Bethesda, MD-based hotel company revealed there had been unauthorized access to the Starwood guest reservation database, which contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. Businesses face a multitude of risk when looking at the potential consequences resulting from a cyberattack or breach. As we've seen recently with the Marriott breach, there can be significant impact to brand equity in the marketplace. This impact can be far reaching for publicly traded businesses, resulting in material impacts to businesses and business valuation, and long-term impact to user adoption. In addition to the downside risk from the market, businesses must also mount expensive defenses against litigation that increasingly takes the form of class actions. Reputation is important in every trade but is especially important in the hospitality industry. This, coupled with the fact that consumers are becoming more sensitive to privacy and security related issues, means that businesses in the hospitality industry must manage against these types of risk and allocate appropriate levels of funding toward information security. What should hoteliers learn from the Marriott breach? Pay attention. Marriott was aware that there was a potential issue shortly after it acquired Starwood, but did not, apparently, investigate in detail. Marriott may not have created the problem, but it bought the problem and didn't treat it with the seriousness that was necessary.

Bitsight examines the 2018 Marriott reservation management database breach. Using the breach as an example, this article shows how poorly the hospitality and tourism industry performs in cybersecurity versus other sectors.

This article discusses the liability for a cyber breach at various branded hotels between the franchise owner or the corporation. The Trustwave 2016 Global Security Report stated that the hospitality industry had the second largest amount of data breaches. Additionally, more than half of the breaches are from a corporate/internal network breach. According to a Ponemon study, the average cost of a data breach is $4 million. While this is alarming, it is a surprise since hotels store numerous amounts of personal customer data including guest's credit card information. The article states that cyber hacks are largely due to the gap in not knowing who is responsible for the cyber security. There is an issue of control of data versus franchise network requirements. The hotel brand places individual franchisees in control of their own cyber security. However; they must rely on many centralized corporate owned reservation systems that could be possible access point for cyber attacks. The article suggests that the individual franchisee should make more effort in protecting their customers information as the hotel brand will take most of the blame. This does not help either side. Also, it mentions that in order to protect the hotel franchise it is important to have updated systems and should consider investing in cyber insurance.

In recent news, Arby's acknowledge a data breach within its restaurants. "Arby's said the breach involved malware placed on payment systems inside Arby's corporate stores, and that Arby's franchised restaurant locations were not impacted." Once figured out the company hired security experts to solve the problem. The initial sign of breach came from a service organization that serves more than 800 credit unions called PSCU. An alert was sent to all cardholders that a fast food chain had been compromised, but no specifics were mentioned. This article points out that, "point of sale malware has driven most of the major retail industry credit card breaches over the past two years." Monitoring your credit/debit card transactions is the best way to be safe in this situation- as long as you report the fraudulent charges you aren't liable. While IT has many positives for any organization, it's not risk adverse. Once a system is hacked all information of company and past users is up for grabs, and credit card companies are forced to take the blow.

This article highlights the importance of announcing a security breach quickly, and explains the argument on whether it needs to be carefully analyzed before releasing the breach. It explains the importance of releasing the understanding of a hack as quickly as possible to maintain people's information (i.e. bank information) safe.

Marriott's data breach in 2018 exposed the information of over 500,000 guests including names, addresses, and passport numbers - leading to a class-action lawsuit and falling share values. The California Consumer Privacy Act, taking effect in 2020, gives Californians the right to know what information is collected about them and where this information goes. Amazon, Facebook, Google, Microsoft, Twitter, Uber, AT&T and Verizon are lobbying against the CCPA, but data-security regulations are being enacted regardless to protect customers against these breaches.

This article discuss the idea that cybersecurity has been neglected according to consumers and more emphasis should be placed on protecting their private information. It has been found that point-of-sale systems are the most common victims of these breaches, and most often at restaurants. Attackers are targeting systems with weak points and outdated software, making them at a considerably higher risk for breaches and cybercrime. Companies must start investing more in heightened security measures in order to retain consumer loyalty.

MGM Resorts falls victim to data breach last summer, more than 10 million customers' information were leaked out. It was took place through "unauthorized access to a cloud server." However, specialist said this breach can be avoided by regularly checking and monitoring. Also, specialist advised that MGM also need to take same security levels for data on premise in their could.

It was reported that MGM Resorts fell victim to a data breach on a cloud server but not much critical guest information was leaked out. Experts said that this kind of breach can be avoided by checking who was able to access the server regularly. Also, the company needs to monitor data to find out the leakage earlier than anyone else. Monitoring the data stored on the cloud should also be as important as those stored on-site.

the article gives details about a data security breach that the company was a victim of and how information of 10 million customers were shared .

Marriott suffered a massive data breach, affecting approximately 5.2 million customers. "ATO attacks are a major threat to any business." This is the second time Marriott has suffered a massive data breach in the past two years. Marriott has responded accordingly to this incident.

POS breach at White Lodging, huge important personal information was stolen and was able to access for over 7 months. White Lodging hire third party security firm to protect customers.The key to managing the risks are keeping monitoring systems and updating software. Besides, insurance is available to protect against costs for data breaches.

White Lodging, which manages hotels under Hilton, Marriott, and Sheraton brand hotels, has suspected a credit and debit card breach. Fourteen hotels have named where "the suspected breach of point of sales systems" occurred. The security breached occurred form March 20 to December 16, 2013.

This article talks about how there is a serious concern in the hotel industry when it comes to credit card and identity theft. They talk about how all the major brands in the hotel industry were all victims of highly publicized, major breaches in the last year alone. Also, including airline and banks, hotels maintain a wealthy amount of database of personal and financial data. For example, with new technology systems being created, POS systems are a weak security point for many networks because they are constantly in use and are not always updated or even protected from vulnerabilities. The article talks about personal details for hotel guests are frequently stored in a variety of locations including restaurants, facilities, and government buildings, so hackers have a greater possibility to access your personal information. The bigger hotels are in more danger because of the volume of guests that come in and out of the location. Smaller hotels should be concerned not just about their security but also by ransomware, an increasingly favorable tactic to extort hoteliers by hackers who encrypt the hotels data making it inaccessible until ransom is paid for. I believe hotels need a toolbelt of various securtiy technologies that can be used to prevent future malicious attacks. I think by managing and implementing a firewall is essential which helps get rid of dangerous traffic from coming onto the network and preventing sensitive data from being hacked.

MOD 10: This article discusses the main tactics of cyber hackers that target hotels. Point of sale (POS) systems are easy targets for hackers due to their constant use during operation hours and because of that their security measures aren't always up to date. Hotels have large data banks since they're storing consumer profile information such as home addresses, phone numbers and credit card numbers. There's a large risk when it comes to security breaches within franchises because they have access to their parent company's regional, national and global systems. If their systems are hacked and breached, then that puts the whole system of the brand at risk. Security breaches within a system can also damage a brands reputation with the public. According to the article, "Recent major breaches at Fortune 500 companies and household names across the retail, restaurant and hotel sectors demonstrate that anti-virus, anti-malware and firewalls alone are not enough to secure businesses from the ever-evolving threat landscape." Smaller properties are even at a greater risk because not only do they have to monitor their compliance with PCI but also monitoring their security systems for their database and PMS system. Some of the recommended software's that should be used by hotels looking to be proactive with their company's cyber security is File Integrity Monitoring(FIM), Unified Threat Management(UTM), and Security Information and Event Management(SIEM).

This article explores the different tactics hotels should use after a cyber attack. The article mentions several different type of attacks such as Phishing when hackers trick customers into giving up their login credentials. Ransomware, when hackers encrypt data making it unusable and inaccessible for the hotel. Not one solution but rather companies should be equipped with a series of technologies from firewalls to file monitoring programs. Some of these technologies, like SIEM requires an intelligent IT team to have the capabilities of analyzing and monitoring the reports produced. This may be more difficult for smaller businesses to implement and maintain.

This article describes the vulnerabilities in the security systems of the hotel Industry. The POS system was recognized as one of the most vulnerable areas that are more targeted by hackers. This is due to the multiple stations where the POS systems are located on the premises of the hotel. Likewise having POS systems independent of the hotels security system left the system open to hackers. Two options to defending the cyber-defense, are digital walls and employee training. Digital walls works by keeping hackers from accessing the systems. Although even with a strong firewall it is recommended to implement point-to-point encryption (P2PE), this encrypts payment information of guest. the other is tokenization. This uses alphanumeric pseudonym to protect data stored for long periods of time. Another way to prevent cyberattacks is employee training, encourage the use of strong passwords an dhow to detect fraud and phishing attacks.

This is an article providing a very high-level introduction to the potential risks faced by the hotel industry from cybersecurity. It outlines some initial steps that hotel companies might consider in their risk-management process and also gives some very specific examples of risk related to franchise contracts.

This article discusses a recent cyber-attack on ICH that is believed to have been a ransomware attack. It's stated that hospitality is the 8th most targeted sector for ransomware as of recently. The recent attack on ICH 4,053 users and 15 employees were compromised, which is actually far less than their last attack in 2016 that effected 1,175 properties. Hotels must take as much precaution as possible against cyber attacks because not only does it decrease their bookings, but they can also be charged millions in fines for information breaches.

The article discusses what practices should hotels adopt to protect their guests, in a world where lodging accommodations are a primary target for criminals and where customers see security as an important factor in decision making. Data breaches can happen online and in the physical world, hospitality companies have to look beyond security software and put into place policies for data storage and disposal of sensitive information, as well as, properly training for employees in information security practices, like proper information handling, and the ability to phishing scams or suspicious emails. In order to ensure that physical or digital sensitive information won't fall on the wrong hands.

This article discusses the importance of data security in hotels and what makes it so attractive to hackers/thieves. The article mentions that about 36% of hospitality businesses don't deem data breaches a big deal. If this mentality continues, more and more data breaches will occur for the company that doesn't take data privacy seriously. The hospitality industry has tons of sensitive data about guests stored online and offline, making it a goldmine for data thieves. Organizations need to take precautions like adequately training employees in order to avoid costly security breaches.

The hotel is a perfect place for hackers to attack because they have easy access to retrieve thousands of guest information including credit card information, billing addresses, and much more personal information. Nicholas Percoco, senior vice president of Trustwave's SpiderLabs, mentioned that the credit card and debit card information is the most in demand by hackers because it is easiest to turn into cash quickly. There are three main steps in a typical data breach and how attackers mostly operate at each level: initial entry, data harvesting, and exfiltration. Close to half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords. Around 42 percent of attacks occurred via third-party connections; 6 percent via SQL injection; 4 percent via exposed services; and 2 percent via remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan. As an IT manager of the hotel, it is crucial to recognize how serious the consequences are for the hotel should the data not be protected well. 

Hey all, here is an article I found that talks about hackers taking over the hospitality industry. It mentions how hackers main objective is to gain access to debit accounts and gain access to customer cash. Also, hackers are also able to infiltrate POS systems along with other valuable technology with in the hospitality industry. Nearly half of these attacks occur via remote access applications, of which 90 percent exploit default or weak passwords, according to the report. Around 42 percent of attacks occurred via third-party connections; 6 percent, SQL injection; 4 percent, exposed services; and 2 percent, remote file inclusion attacks. Interestingly, less than 1 percent began with an email Trojan.

hackers are EVERYWHERE!

In a report generated by Trustwave Global Security shows that about 94% of POS hacks are contributed by weak remote access. The hospitality industry seems to have taken the hardest hit. We know of the grueling schedules that come with working in our industry and how we all can't be there seven days a week. So when management are in the comfort of their relaxation area and remotely access the POS systems, they seem to be leaving the doors open for hackers to enter, as well. "In a breakdown of types of IT environments most frequently compromised, POS systems and assets were associated with 95 percent of breaches in the food and beverage industry" (Pham). One popular hospitality establishment that has reported a breach is the New York location of Eataly. The thought process behind why these hacks are happening has not been figured out yet, but the idea has been tossed around that it is because of the credentials used to remote access. The temporary solution is to create a double layer security system, also known as two-factor authentication. By doing it this way, you can log in using your credentials, but then have a second login that needs to be verified by way of sending codes and authentications to technologies that you would have in your possession (cell phones, emails, etc.) so no one else can access that information.