Group items tagged

As we begin to discuss cyber security this week, I found this article on increasing number of cyberattacks very eye opening. It was no surprise that due to an increase in technology usage, new risks would present themselves to organizations. However, the number of compromised records has sky rocketed to say the least, increasing by over 164 percent from 2016 to 2017. The article goes on to say, "cyber security is no longer a reactive measure, but a requirement for companies, and consumers." CFOs now even consider cyber attacks to be the number one external risk factor for businesses. Overall, its certain organizations today should budget for effective cyber security, in order to prevent any potentially harmful cyber attacks in the future. 

Cybercriminals are constantly coming up with novel schemes to kidnap their victims. A recent cyberattack on a five-star resort should act as a cautionary tale for your company. In Oregon, the Allison Inn & Spa recently became the target of a ransomware assault that revealed the personal data of its staff and visitors. The stolen data was published in easily accessible form on the public internet and includes details from 1,500 employees and more than 2,500 guests, including dates of the guests' hotel stays as well as employee birthdays, phone numbers, and Social Security numbers. The "dark web" is typically the only place where stolen private information like this is released, making it harder to find through regular online searches. The goal of the cybercriminals was to coerce the company into paying a ransom. The public disclosure of the private visitor and staff information seems to have been an "experiment" to see if it would increase pressure on the company to pay the ransom. Cybercriminals may use this new strategy frequently in the future to demand ransom from their victims. The implementation of thorough cybersecurity risk management procedures should be considered by resorts. In the event of a cybersecurity attack, determine which systems were affected by the attack and immediately isolate them. Then, prioritize those systems for restoration and recovery. After which, involve internal and external stakeholders and retain legal counsel for advice. It is crucial that you hire a third-party incident response provider and notify law enforcement. Multifactor authentication should be used by businesses to protect network access, and they should also annually train all staff in cybersecurity best practices and keep offline encrypted backups of all internal data.

I was very intrigued with this article, as Braun mentions cyberattacks on hotels in a very straightforward manner. Hotels are in a competition of enhancing their technology everyday, however, with this enhancement comes more of a liability of getting cyber hacked. In addition, our industry deals with a lot of third party companies, making it easier to hack information as well. As Braun mentions, attacks nowadays, are not only for credit card information, but also simple data on guests, such as passwords to loyalty programs, and other credentials. Therefore, as technology grows, the only thing predictable is that hacks will get more dangerous. So, the one true thing our industry must do is prepare ourselves as best as we can. 

This article discusses ways that the travel industry can combat cyberthreats. The main cyber concern for hotels' is phishing, which is a scam that collects credit card information by pretending to be apart of a hotel's front desk staff. The article mentions that IT departments should do routinely updates to operating systems and back up data and files. Employees should also be trained to help prevent data breaches. The author briefly touched on what to do when your hotel system is hacked and even dives into how the airline industry is still very unequipped to handle cyberattacks and threats. This is a great read to learn how to keep up with best security practices in the hospitality and tourism industry.

The recent cyberattack at Marriott International Inc. has many hoteliers wondering what are the legal and business risks associated with security attacks? The recent breach at Marriott further proves the point that businesses should prepare now or be willing to pay for it later. In November 2018, the Bethesda, MD-based hotel company revealed there had been unauthorized access to the Starwood guest reservation database, which contained guest information relating to reservations at Starwood properties on or before Sept. 10, 2018. Businesses face a multitude of risk when looking at the potential consequences resulting from a cyberattack or breach. As we've seen recently with the Marriott breach, there can be significant impact to brand equity in the marketplace. This impact can be far reaching for publicly traded businesses, resulting in material impacts to businesses and business valuation, and long-term impact to user adoption. In addition to the downside risk from the market, businesses must also mount expensive defenses against litigation that increasingly takes the form of class actions. Reputation is important in every trade but is especially important in the hospitality industry. This, coupled with the fact that consumers are becoming more sensitive to privacy and security related issues, means that businesses in the hospitality industry must manage against these types of risk and allocate appropriate levels of funding toward information security. What should hoteliers learn from the Marriott breach? Pay attention. Marriott was aware that there was a potential issue shortly after it acquired Starwood, but did not, apparently, investigate in detail. Marriott may not have created the problem, but it bought the problem and didn't treat it with the seriousness that was necessary.

In the wake of the Marriott International cyberattack, the article presents the issues with the current issues in the methodology of cybersecurity; first explaining the data of how popular they are in the hospitality industry, and what it means for the industry, before going into the process of how a cyberattack happens and the measures taken to prevent it. Traditional cybersecurity is one of an "incident response" which can only be implemented once a cyberattack occurs and can only prevent it temporarily as a hacker can do similar tasks with different IP addresses and new malware. In order to circumvent this failure of cybersecurity, the article offers a new method in which TTPs (tactics, techniques, and procedures), are used to identify certain components of a hacker and identify how they would carry out an attack, before acting on it before the attack would "reach the network".

This article discusses one of the largest fears of most hospitality firms, and that is keeping their client's personal information private. Most large companies in this industry have become giant data centers for the personal information of millions of people. Breaches of this type of information place the lives of many people at stake. For example, Marriott International had a security breach of over half a billion of its clients which began in 2014 and was not detected until September of this year. Keeping an individual's information away from malignant forces is just plain business sense and any more attacks of this manner will severely hurt the reputation of the business experiencing it.

Talks about the effects and the importance of being prepared for a cyber attack.

In today's world no business entity is impervious to cyber-attacks. Marriot, Hilton and InterContential Hotel Groups were all recently affected by such acts. The traditional cyber-attack method which the hospitality industry employs is oftentimes simply a reaction to the attack- "incident responses". Instead, the industry needs to shift its focus and allocate resources to aid prevention of future of attacks. This new focus was be surrounding tactics, techniques and procedures (TTP) - the ability to identify adversary and implement the necessary processes to hinder attacks.

This article tells us about the importance of having a good cybersecurity. There are some big hospitality companies like Marriott and Hilton which have revealed that many cyberattackes compromised personal information for many guests and that cybersecurity has to be improved.

Cyberattacks on health organizations. These organizations need to implement better data protection. Personal and medical data has been hacked and there is a continuous effort put forth to breach the systems that house this information. With more and more companies researching potential vaccines and remedies for Covid, now more than ever, organizations must have more than just cloud backups; disaster recovery plans should include offsite backups at a minimum.

This article describes the destructive effects of cyber attacks on enterprises, especially small and medium-sized enterprises. Because it does not have sufficient prevention and sufficient resources for disaster recovery. The most direct cause of current cyber attacks is that people open some risky websites or emails in the wrong place. For the hospitality industry, there is a large amount of customer privacy and sensitive information. Once attacked, its destructiveness is unimaginable. And to protect consumer data, most service industries just comply with local state laws, but most state laws have not made greater progress in information protection. Therefore, enterprises should protect themselves and their customers from cyber threats from the three aspects of their own network endpoints, disaster recovery and education.

Cyber-attacks has become an increasing problem within the US and the lack of unfulfilled jobs regarding cyber security poses just as big, if not bigger, of a problem. All states, besides Maine, are in dire need to fulfill jobs across the private business sector and government related positions. At this point, many companies, including the government, offer free training (acquiring proper certifications) in hopes of gaining more employees to help with the fight against cyber war.

The hospitality industry is a major target for cyberattacks, resulting in sensitive guest information being compromised. When these attacks happen it leaves guests restless, because they know or believe their information is not safe. This article discusses this issue and how security can be improved to avoid these attacks.

The article titled, "Improving data security in the hotel industry lets guests sleep peacefully" shows how the breach of data security can be anywhere. As technologies improve, so do ways in which cyber security can become at stake. According to this article, "Hotels are obligated to maintain the physical security of guests and their belongings during their stay-if guests don't feel safe staying in their room or leaving their belongings there, they won't continue to patronize that hotel brand. The same thinking applies to data security: If guests aren't convinced that the hotel is keeping their personal and financial data secure, they will take their business elsewhere". Thus, hotels need to make sure they are safeguarding information such as their payment information as well as other confidential information. Hackers are becoming even more sophisticated, where they can target specific industries, such as hotel industries since guests speak with hotel representatives over the phone to provide payment information. In the even that a hotel's data has been compromised, what is its responsibility? First, they should send the client a letter of apology, and then handle the complete process efficiently, so the client can at least feel they re supported. The avoidance and handling of data breach is becoming even more common nowadays with the rise of technology.

Several different hotel chains have fallen victim to hackers who have stolen the personal information of their guests therefore Hyatt is taking matters into their own hands. The hotel chain is offering a bug bounty program via HackerOne which will reward ethical hackers with monetary compensation for reporting flaws in their network and programs. They will then take the information that these hackers provide them with & work to strengthen the weaknesses in their cyber security.

This article discuss the idea that cybersecurity has been neglected according to consumers and more emphasis should be placed on protecting their private information. It has been found that point-of-sale systems are the most common victims of these breaches, and most often at restaurants. Attackers are targeting systems with weak points and outdated software, making them at a considerably higher risk for breaches and cybercrime. Companies must start investing more in heightened security measures in order to retain consumer loyalty.

This article remenisces on the biggest data breaches of 2019 where millions of people's social security numbers, financial data, medical records, and private information were exposed. Some of the 2019 data breach were cuased by third party app developers or hackers working alone. The data breach happened with Facebook, Capital One, Canva, Quest Diagnostics and DoorDash

I found with this article that cyber attacks are becoming alarmingly more common than we have prepared ourselves for. Businesses now need to invest in their own cyber security department or, as the article suggests, apply a cyber security budget to each department. With security budgets predicted to increase 14%, money should be collected through the customers over a lifetime of the customer so that the budget is continually there. I found this article to stand out to me because I never thought of cyber security being so crucial, but it easily makes sense. I think a lot of business lack in providing the proper amount of security to prevent cyber attacks. Personally, I never heard of a cyber security department so this was new for me to read about.

This article lists and describes cyber threats that have occurred on companies in 2020. It is very important to note that big companies have been impacted by security breaches. In the article it stated that since work has changed to a "work from home" approach, there has been a raise in cyberattacks and security breaches.