Group items tagged

The Cyber-security Market report has predicted worldwide spending on cyber-security will surpass $1 trillion by 2021. This is a result of annual cyber-attacks costing $9.5 million in global damages. The many solutions on the market require cyber-security services to be innovative on how they market. Cyber security companies want to stand out to customers while still remaining credible. Many businesses are also uneducated and/or don't prioritize cyber-security. The use of blogs and downloadable e-books allow marketers to educate while promoting their product. Cyber security marketers have to make sure they have an easy user-interface, use data in messaging, and don't over exaggerate the capabilities of their products.

This article discusses the liability for a cyber breach at various branded hotels between the franchise owner or the corporation. The Trustwave 2016 Global Security Report stated that the hospitality industry had the second largest amount of data breaches. Additionally, more than half of the breaches are from a corporate/internal network breach. According to a Ponemon study, the average cost of a data breach is $4 million. While this is alarming, it is a surprise since hotels store numerous amounts of personal customer data including guest's credit card information. The article states that cyber hacks are largely due to the gap in not knowing who is responsible for the cyber security. There is an issue of control of data versus franchise network requirements. The hotel brand places individual franchisees in control of their own cyber security. However; they must rely on many centralized corporate owned reservation systems that could be possible access point for cyber attacks. The article suggests that the individual franchisee should make more effort in protecting their customers information as the hotel brand will take most of the blame. This does not help either side. Also, it mentions that in order to protect the hotel franchise it is important to have updated systems and should consider investing in cyber insurance.

The article by, a financial policy author, explains in detail the extent of cyber-attacks in the hospitality industry. The article explains that the hospitality industry is more prone to cyber-attacks, given the nature of information most of the organizations generate daily in their operations. The article explains that most organizations in the hospitality industry may not be aware that they have already been hacked. The article emphasizes the importance of internal audits and the critical evaluation of cyber footprints in hospitality organizations to minimize cyber-attacks. The author of the article delves into the cybersecurity risk factors in the hospitality industry and reports about the UAE IAA members' seminar which was aimed at sharing information and networking with a focus on building cyber-resilience against cyber-attacks. The article shows the prevalence of cyber-attacks in the hospitality industry noting that each stolen data record costs an average of $148 with the average cost of a cyber-attack being valued at over 3 million dollars (Karantzavelou, 2020). The article quotes a statement by the Jumeirah group chief internal audit officer who asserts that protection against cyber threats should be the DNA of every organization, and they should be continuously on the lookout for potential threats and ensure adequate protection. Members in the seminar advised on the importance of having internal auditors to provide assurance, suitable frameworks, and to set up controls to mitigate key cybersecurity risks. The article explains that hotels are prone to Cyber-attacks since they collect varied, valuable and sensitive customer information. The article also cites a cyber-breach in 2018 where up to 500 million customer details and passport information was compromised in an international hotel chain for up to four years continuously without detection (Karantzavelou, 2020). At the bottom line, contributors in the seminar explain the importance of cybe

I found with this article that cyber attacks are becoming alarmingly more common than we have prepared ourselves for. Businesses now need to invest in their own cyber security department or, as the article suggests, apply a cyber security budget to each department. With security budgets predicted to increase 14%, money should be collected through the customers over a lifetime of the customer so that the budget is continually there. I found this article to stand out to me because I never thought of cyber security being so crucial, but it easily makes sense. I think a lot of business lack in providing the proper amount of security to prevent cyber attacks. Personally, I never heard of a cyber security department so this was new for me to read about.

There have been many cyber-attacks in many different nations and that is for many different reasons, such as outdated, human error, and all software being in one vulnerable spot. It is important to always update your programs, use cloud computing, and to educate your personal on all cyber-attacks. It is also important for your teams to understand the "why" behind updating and cloud computing and this is to always keep an upper edge on cyber-attacks. Cyber criminals are always changing their ideas and new ways to take over networks and workday and night to find someone to slip up and it can cause the complete down fall of a company or nation.

As we begin to discuss cyber security this week, I found this article on increasing number of cyberattacks very eye opening. It was no surprise that due to an increase in technology usage, new risks would present themselves to organizations. However, the number of compromised records has sky rocketed to say the least, increasing by over 164 percent from 2016 to 2017. The article goes on to say, "cyber security is no longer a reactive measure, but a requirement for companies, and consumers." CFOs now even consider cyber attacks to be the number one external risk factor for businesses. Overall, its certain organizations today should budget for effective cyber security, in order to prevent any potentially harmful cyber attacks in the future. 

This article talks about the type of threats the hospitality industry can face, an explanation of cybersecurity, and how to protect your organization from cyber threats, especially phishing.

This article stresses the importance of cyber security specifically within the hospitality industry. The author of the article describes how a strong cyber security management system should not be an afterthought for hotels and should be seen as a cost of doing business especially in a tech driven industry. The article lists some key components and areas to focus on for hotels to manage cyber risks and threats

This article is extremely important. I feel like everyone should read it because it goes hand in hand with what we have learned this week in class. The topic of cyber security is something that people need to shift paradigms. This article brings us great points about the digital era we live in. since everything we do in business now a days has to do with technology, it is important to have security and trust in this. With the increase reliance on this technology comes a higher risk. The article brings up that awareness levels of cyber security and data privacy issues are growing at a steady pace. It is extremely important that in the hospitality industry, Businesses think about trust, confidence and brand health and reputation. This highlights the fact that it doesn't matter if security systems are costly, in the long run if something goes wrong that will end up being the most costly. The article mentions that there will be a regulation established by the EU called General Data Protection Regulation (GDPR). The purpose of the GDPR is to put people back in control of their personal information and to improve how entities look after personal information while it is in their custody. In conclusion, this gives companies a competitive advantage.

This article brings us the real version of how important to launch cyber security system, as there are actual cases in which hotel face loss because imperfect security net. Thus, the professor Mangal suggests that all hotel employees should keep an eye on the threats. At the same time when we protect our customer, we protect and branding our reputation as well. In the future, advanced technology such as biometric technology will be implemented to restrict access to data. Although hotels are unlikely to hire IT professionals directly, but they truly need cooperate with firms which specialized in cyber security, at the same time, help hotels strengthen the training of employees.

Hotels POS systems are at risk for customers. Hackers are using tactics like Phishing and ransomware. Hotels must take action and arm themselves with a "toolbelt" of security options to combat the hackers.

This article explores the issues with cyber security in the hotel industry. it is to be taken seriously because customer information is on the line and so is the company's reputation and revenue. Hotels must look into their POS systems because, according to the article, is a weak security point. However, it holds much of the consumer's information like credit card numbers, expiration dates, and etc. The POS system is vulnerable so the secuiry put in place to protect it must be updated. Personal details for hotel guests are stored in many different places in a hotel's many systems. This includes the restaurant, gift shops, billing, facilities, and etc. According to the article, hotels needs a "toolbelt" of various security technologies to prevent malicious attacks. The three mentioned in the article are File Integrity Monitoring, Unified Threat Management, and Security Information and Event Management. Please look into the article to read what each of these systems can do in regards to cyber secuity for the hospitality industry. A good way to implement these tools is to look into outsourcing a managing security firm that specializes in cyber security. This can help minimize and even diminish things that can cause breaches in systems. In my opinion, this article gives solutions to hotels in regards to cyber security. Sometimes installing a firewall or antivirus is simply not enough. A security firm that specializes in this area can be considered. It may be expensive depending on the business to do that, however, it will be even more expensive to have a tarnished reputation for not securing customer information and to deal with lawusuits.

Cyber attacks open more and more often and varied since cybercriminals are becoming more cunning and their methods more challenging to detect. This article introduces some types of strategies implemented to protect companies' businesses from cyber threats and cybercriminals. Including using Anti-virus software, firewalls, password managers (very useful while some even free), VPN, patch management program which not only for operating program but also for other applications running on your system, consider the email SPAM/Malware filters and security awareness training for the employee since "humans are the weakest link." An employee who accidentally clicks on the wrong link can put in motion a chain of events that results in a cyber breach. Finally, plan a 24/7/365 network and endpoint monitoring.

In order to combat cyber attacks within the hospitality industry, the National Restaurant Association and PCI Security Standards Council have partnered. They have created.. "Small Merchant Taskforce, which raises payment card security awareness for the hospitality industry." With cybercrime increasing it is a necessary step to take, not all businesses, especially small, can afford the "best" cyber security systems. This task force will help educate various members and help find solutions to protect businesses and customers. "A study by Verizon stated that 99 percent of breaches in 2014 were caused by known vulnerabilities with fixable patches." That being said, all business operators need to take the initiative and be proactive when it comes to handling customers' private information.

I think one the biggest issues related to cyber attacks is that owners are not aware of the issue. So it is important to educate them and help them understand the importance to budget cyber security into their expenses. I am glad that the task force is taking that step to help protect business owners and customers from cyber attacks.

Saudi Arabias national oil company, Aramco, was attacked by a computer virus, Shamoon, and it is suspected that an insider or employee assisted the hackers. The virus spread through the network and infected about 30,000 PC business computers and wiped their hardrives. This is one of the worst attacks against a single business. The hackers who claimed responsibility, The Cutting Sword of Justice, were politically motived. The companies more important documents including plant operating networks were not affected by the virus because they were on a separate and higher security network. Recently, other Middle Eastern natural gas firms with relations to Saudi Arabia have been hit by cyber attacks. Because the Aramco hackers admitted their motives against the Saudi Arabian government income sources, I think that all the cyber attacks may be politically motivated. As a Middle Eastern oil company with relations to Saudi Arabia, this is a major indication to take precautionary measures and increase network security. This attack demonstrates that no matter how much security you have in place, if an insider is willing to assist hackers or provide hackers with necessary information, you are no longer protected. It would seem imperative that employees with this access are chosen carefully or network access is very limited.

Hotel industries have been under attack from excessive hacking, as seen with Hilton being targeted for private financial information from guests. In 2014, it was noticed that hackers had been targeting Hilton throughout the course of 17 weeks. They state that the industry itself has not really focused budgeting on cyber security. It seems that the process is done by integrating a virus into these hotels POS system. The virus was actively attacking the Micros program, which was being used in more than 300,000 hotels and resorts. An ultimate treasure chest for information, some of which was not even encrypted. In addition, the virus appears in the system as a legitimate software, and then it obtains over 90 percent of stored information. This hacking is being conducted by organized groups, who moved from the retail industry because it had indeed improved its cyber security. With hotels it seems that the concept has not been taken as seriously. There are many hotels susceptible to such an attack. As long as there is a sales software, then someone is looking to get into it. A person could be sitting inside of your location, and infiltrating a guests' wireless internet, and they would not even know. In order to engage this threat, locations must be proactive in attempting to stop what is occurring. The only question is, how much are they willing to invest in cyber security?

This article talks about how companies make the grave mistake of thinking that cybersecurity is merely an issue that should be addressed by an IT team and that no one else is responsible for addressing risks and understanding them. Most C-suite employees don't understand what the risks are, and usually these risks vary from company to company. It is not that you should only consider that you can get hacked, but you should consider and identify what kinds of information can get hacked and why. The article denotes an example of an Asian automobile company that needed to implement a new system to mitigate security risks and in the process, ended up locking up other companies who needed to use their systems to find out about their products. So those companies started to create fake profiles to try and access the information -- all so that they could just do their job. This showed that people are more interested in just getting their job done than understanding cybersecurity and why certain systems are in place. The way of thinking up security systems should be creative and involve all parts of an organization. Departments won't know what their role is until they identify what information is important to them, what their purpose is in the company, and what is valuable to them. By identifying this, they can come up with ways to secure this information and monitor its delivery. Businesses don't look at cybersecurity as a risk of their business just as a shipping company would look at weather risks as a potential threat to their revenue. It is looked at as more of an abstract concept and this stops people from implementing successful strategies to keep their information safe. Cybersecurity shouldn't be viewed as "so impenetrable" that no one would ever understand it. This requires everyone to get involved and understand the implications of cybersecurity on their own work, specifically, and identify who their main adversaries may be.

The article describes the main cyber threats that the hospitality companies face. Over past few years, nearly every major hotel group has been attacked. The same is true for the F&B industry. One of the reasons for that is that the hospitality companies are the ones that process credit card information more than in any other industries. Moreover, hotels and restaurants have many access points for the malware: from wifi networks to POS's. The attackers may also use the third party suppliers (for example, OTA's) to access the hotels' systems. Verizon 2017 Security Payment Report states that less than a half of all hospitality businesses have full credit card payment security compliance. The main type of the attack is POS intrusion. Denial-of-Service Attacks constitute about 20% of the total number. Although they are not so dangerous in terms of sensitive information, they can disturb the company's operations causing significant losses as well. Thus, the hotels and restaurants need to invest in early detection protection provided by the effective firewalls and antiviruses. However, it is also very important to understand that no technology may ever fully substitute the security culture of the company's employees. Many attacks are conducted due to the personal weaknesses of the associates answering the calls, for example. So, in my opinion, in addition to the cyber security systems, there should be appropriate personnel training as well as well elaborated procedure protocols.