Skip to main content

Home/ Hospitality Technology/ Group items tagged cybersecurity

Rss Feed Group items tagged

alexsolano36

Why Cybersecurity Isn't Only a Tech Problem - 0 views

  • By now, most accept that they need to invest significant cash and resources into cybersecurity capabilities
  • ather than the full C-suite and board.
  • we’re failing at cybersecurity
  • ...27 more annotations...
  • today as comparable to trench warfare in World War I.
  • First, no company has all of the resources to fix every cybersecurity issue, and not all fixes are equally important.
  • starting with a company’s most critical business activities and how cyber attacks could disrupt them that one can start to prioritize this whole process of risk mitigation.
  • skip the ste
  • focusing on individual technologies t
  • without ever addressing the fundamental issue, which is protecting the business activities for which the computers were procured.
  • hey translate in their minds being compliant with requirements as equivalent to being adequately protected.
  • nds up actually diminishing the security of these companies, as opposed to achieving its goal of increasing protection.
  • cybersecurity has been, it’s come out of the technology department.
  • versus one that’s related to any other complex business risk that a company might face.
  • eally large cybersecurity budgets, don’t nearly get the cyber protection benefit that they should, given the dollars that they spend.
  • with r
  • $3 million a year on cyber threat intelligence.
  • And that really starts with looking at cyber risks as a business risk that could come and occur as a result of a cyber attack.
  • to help quantify what those risks are, and bringing an IT department and your cybersecurity resources to understand what the threat environment might by that might affect those risks in some way or make them to come about.
  • this perception on the part of non-technical business leaders that the cybersecurity field is so complex, so impenetrable that they would never be able to understand
  • And so, the cybersecurity team decided to put the network used for the development of new automobiles inside their corporate network, because they thought, ah, at attacker would need to go through two networks in order to be able to then steal information.
  • cybersecurity people had no idea how the companies that they worked for actually design cars, and so they proposed security mechanisms that both interfered with work and ended up resulting in the company being more vulnerable because all of these outsiders now had complete access to the corporate intranet globally.
  • You know, we’ve found that cybersecurity writ large is full of platitudes that seem obvious and compelling at first read, but if you think about them more thoughtfully, they’re sometimes misinformed.
  • , informing employees about the cybersecurity implications of their own work
  • but also who your adversaries are. H
  • Another avenue that companies can take is, is there anything about the business that the company is in, the way in which it operates, that might attract some sort of attacker.
  • In all areas of risk, whether it be financial risk, physical risk, or cyberrisk, there are no guarantees that what you do will be sufficient to fend off the attack that you actually face.
  • , you need to have cybersecurity reviews as you change your business, just like you look at other risks when you’re making changes to your business.
  • Based on our experience, when a company is looking for a home for the cybersecurity organization, they should first look at where their most significant cyber risks reside.
  • A company needs to have the technical capabilities to respond to the most likely forms of cyber attack on their most critical business activities.
  • instead of telling me what vulnerabilities need to be fixed with whatever priority
  •  
    This article talks about how companies make the grave mistake of thinking that cybersecurity is merely an issue that should be addressed by an IT team and that no one else is responsible for addressing risks and understanding them. Most C-suite employees don't understand what the risks are, and usually these risks vary from company to company. It is not that you should only consider that you can get hacked, but you should consider and identify what kinds of information can get hacked and why. The article denotes an example of an Asian automobile company that needed to implement a new system to mitigate security risks and in the process, ended up locking up other companies who needed to use their systems to find out about their products. So those companies started to create fake profiles to try and access the information -- all so that they could just do their job. This showed that people are more interested in just getting their job done than understanding cybersecurity and why certain systems are in place. The way of thinking up security systems should be creative and involve all parts of an organization. Departments won't know what their role is until they identify what information is important to them, what their purpose is in the company, and what is valuable to them. By identifying this, they can come up with ways to secure this information and monitor its delivery. Businesses don't look at cybersecurity as a risk of their business just as a shipping company would look at weather risks as a potential threat to their revenue. It is looked at as more of an abstract concept and this stops people from implementing successful strategies to keep their information safe. Cybersecurity shouldn't be viewed as "so impenetrable" that no one would ever understand it. This requires everyone to get involved and understand the implications of cybersecurity on their own work, specifically, and identify who their main adversaries may be.
jorgeegutivav

Meeting the Threat in 2019: Cybersecurity for the Hospitality Sector | Modern Restauran... - 0 views

  • With a reputation as less well guarded than similar institutions, hospitality companies are a popular target for cyberattacks.
  • Experts warn other hackers, like those working for a nation-state, could exploit hospitality breaches like Marriott’s to acquire details on the travel and spending habits of espionage targets, like CEOs and diplomats.
  • permeable security in the hospitality sector threatens consumer privacy, shareholder value, and national security.
  • ...15 more annotations...
  • many hospitality companies are reconsidering their cybersecurity infrastructure. However, industry specific challenges like high employee turnover continue to expose the sector.[6]Additionally, even by adopting cutting-edge cybersecurity technologies, the important question of strategic implementation remains.
  • Are newly introduced technologies simply bolstering traditional methods of cybersecurity, or are they being used for methods of cybersecurity that are new and innovative, instead of simply faster or more efficient versions of the same product?
  • Traditional cybersecurity approaches are focused on reporting about intrusions after the fact, in what is known as an “incident response.”
  • Regardless of how they gain access, once an attacker is discovered, the forensics about the attack, including basic information known as Indicators of Compromise (IOCs) like IP addresses, domain names, or malware hashes, are shared across the cybersecurity community. These IOCs are then used broadly to thwart future attacks. 
  • The problems with this approach are twofold:
  • someone has to be a victim first so that IOCs can be derived and shared with others; additionally, blocking IOCs has a very short half-life.
  • All an adversary has to do is come from a new IP address or recompile their malware so that it has a new hash value (both of which are extremely trivial) and their attacks will sail through defenses that depend on IOCs.
  • As hackers repeatedly gain access to valuable systems and data using the same methods, cybersecurity teams continue to chase after them to secure compromised systems.
  • Very little cybersecurity effort is put towards addressing the methods used by adversaries; instead, security teams are locked in a pattern of waiting for inevitable attacks, trying to minimize the damage they cause, ensuring that remediation occurs as quickly as possible, and blocking only exactly identical attacks.
  • Incident response only helps prevent attacks that exactly replicate past ones.
  • a more proactive, sophisticated approach is needed. It will need to be designed to successfully recognize adversary methodology (and all the manners in which an adversary attempts to obfuscate their methodology) before attacks occur and at a meaningful scale.
  • Instead of seeking discrete, static IoCs based solely on what has already occurred, proactive cybersecurity analysts can instead use the intelligence they have derived about adversaries’ methodologies – commonly referred to as tactics, techniques, and procedures (TTP). 
  • From these TTPs, analysts can identify the general form and components of an adversary campaign. In addition, they can determine abstract indicators like how the adversary is attempting to hide his actions. 
  •  A proactive cybersecurity tool would be able to recognize possible adversary TTPs and indicators that describe a threat (or threatening behavior) in general terms. The system would then act on any traffic which met this pattern before it reaches inside a network, as the attack occurs, and do so in a way invisible to adversaries.
  • Using this basic model, a cybersecurity tool could truly prevent common exploits before they were executed, and could even predict and protect against future, not yet seen exploits.
  •  
    In the wake of the Marriott International cyberattack, the article presents the issues with the current issues in the methodology of cybersecurity; first explaining the data of how popular they are in the hospitality industry, and what it means for the industry, before going into the process of how a cyberattack happens and the measures taken to prevent it. Traditional cybersecurity is one of an "incident response" which can only be implemented once a cyberattack occurs and can only prevent it temporarily as a hacker can do similar tasks with different IP addresses and new malware. In order to circumvent this failure of cybersecurity, the article offers a new method in which TTPs (tactics, techniques, and procedures), are used to identify certain components of a hacker and identify how they would carry out an attack, before acting on it before the attack would "reach the network".
  •  
    This article discusses one of the largest fears of most hospitality firms, and that is keeping their client's personal information private. Most large companies in this industry have become giant data centers for the personal information of millions of people. Breaches of this type of information place the lives of many people at stake. For example, Marriott International had a security breach of over half a billion of its clients which began in 2014 and was not detected until September of this year. Keeping an individual's information away from malignant forces is just plain business sense and any more attacks of this manner will severely hurt the reputation of the business experiencing it.
rhoff019

Council Post: Cybersecurity As We Know It Is About To Change - 0 views

  • the global cybersecurity market is set to increase to $270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.
  • COVID-19 has become the catalyst to trigger change in the ways we manage and operate technology.
  • Virtual desktops emulate a computer system so that IT can control access as such adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.
  • ...15 more annotations...
  • Telecommuting Is The Only Way Of Working For Many
  • With the remote working concept taking center stage, re-evaluation of these policies is needed to address the new cyberthreats.
  • With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralized cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.
  • User access controls have largely revolved around single or two-factor authentication. These methods rely on “something you know (username)” and “something you have (password).”
  • This means identity protection will be a top priority, and the best defense should involve building authentication systems that focus on “who you are.” This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice and other facial recognition technologies.
  • The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes.
  • With swift digitalization, security controls will shift to data sources, similar to the trend witnessed in IoT.
  • From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.
  • The shift to cloud services offers employees, customers, suppliers and everyone else across the ecosystem a seamless and frictionless way to access data and applications. Remote access by various users would compound security challenges and present many new potential attack vectors. In the post-pandemic world, IT resources could shift toward data, particularly keeping data secure across cloud platforms.
  • This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimize the risk of cyber intrusion and data breach.
  • Innovative technologies such as ML/AI and AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.
  • Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities.
  • Cybersecurity teams that are saddled with an events-based approach will be overly burdened with triages when a cyber breach occurs. By embracing an intelligence-driven approach, businesses can digitalize confidently with external threat intelligence as the guiding beacon.
  • Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into a corporate network will also intensify accordingly.
  • Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.
  •  
    By 2026, the investment in cybersecurity will increase to $270 billion globally. After the COVID-19 pandemic companies will need to reevaluate their cybersecurity systems to adapt to telecommuting as many companies will have some of their employees working from home. Biometric security such as a fingerprint or iris scan will become more common as the typical password will no longer be as secure as it once was.
anaslip

Meeting the Threat in 2019: Cybersecurity for the Hospitality Sector | Hospitality Tech... - 0 views

  • Meeting the Threat in 2019: Cybersecurity for the Hospitality Sector
  • Marriott International revealed that a massive cyberattack compromised personal information for up to half a billion individual guests of its properties.[1] The data breach ranks as the second largest known theft of sensitive personal records to date.
  • This marks the second major cybersecurity failure for Starwood, the Marriott division affected. Before being acquired by Marriott in 2016, the company’s cash register system was penetrated by malware looking to steal credit card information. [3] Other major organizations in the hospitality industry, including Hilton and Hyatt, have reported similar attacks. In 2017, for example, Holiday Inn parent company InterContinental Hotels discovered a breach lasting three months and affecting 1,200 properties. With a reputation as less well guarded than similar institutions, hospitality companies are a popular target for cyberattacks.
  • ...5 more annotations...
  • Experts warn other hackers, like those working for a nation-state, could exploit hospitality breaches like Marriott’s to acquire details on the travel and spending habits of espionage targets, like CEOs and diplomats.
  • However, industry specific challenges like high employee turnover continue to expose the sector.[6] Additionally, even by adopting cutting-edge cybersecurity technologies, the important question of strategic implementation remains.
  • Traditional cybersecurity approaches are focused on reporting about intrusions after the fact, in what is known as an “incident response.” What this means is that an adversary—commonly referred to as a “hacker”—finds some way to gain access to a target and compromises it. The target can be accessed through vulnerabilities in web frameworks, internet browsers, or internet infrastructure such as routers and modems. Regardless of how they gain access, once an attacker is discovered, the forensics about the attack, including basic information known as Indicators of Compromise (IOCs) like IP addresses, domain names, or malware hashes, are shared across the cybersecurity community. These IOCs are then used broadly to thwart future attacks.
  • Rather than rely solely on the incident response and recovery methods that have been used for many years, a more proactive, sophisticated approach is needed. It will need to be designed to successfully recognize adversary methodology (and all the manners in which an adversary attempts to obfuscate their methodology) before attacks occur and at a meaningful scale. This kind of approach, when paired with incident response tactics, could provide true security to vulnerable, critical networks.
  • A TTP-based cybersecurity tool would work in concert with existing incident response, internally-focused cybersecurity efforts, adding a layer of prevention over the top of this vital but flawed process.
  •  
    In today's world no business entity is impervious to cyber-attacks. Marriot, Hilton and InterContential Hotel Groups were all recently affected by such acts. The traditional cyber-attack method which the hospitality industry employs is oftentimes simply a reaction to the attack- "incident responses". Instead, the industry needs to shift its focus and allocate resources to aid prevention of future of attacks. This new focus was be surrounding tactics, techniques and procedures (TTP) - the ability to identify adversary and implement the necessary processes to hinder attacks.
  •  
    This article tells us about the importance of having a good cybersecurity. There are some big hospitality companies like Marriott and Hilton which have revealed that many cyberattackes compromised personal information for many guests and that cybersecurity has to be improved.
shawndab

Cybersecurity revenues in tourism to exceed $2B - hotelbusiness.com - 0 views

  • cybersecurity will generate revenues of $2.1 billion in 2025 in the travel and tourism industry, up from $1.4 billion in 2021, forecasts GlobalData, a leading data and analytics company.
  • highlights the growing demand for cybersecurity products and services by travel and tourism companies in order to protect their customers’ personal data.
  • Travelers now expect a seamless experience while traveling, resulting in companies using technologies such as Internet of Things (IoT) and cloud. However, this has made the sector vulnerable to cybercriminals as these technologies collect more personal and sensitive but valuable data.”
  • ...5 more annotations...
  • not only are customers put at risk, but so is an entire company’s reputation.
  • A string of high-profile attacks in the industry has led to the scrutinization of cybersecurity strategies, with regulators now clamping down and fining companies that fail to protect their customers’ data.
  • Therefore, the risk of cyber-ignorance is escalating, and tourism companies need to start taking cybersecurity seriously.
  • “Effective cybersecurity strategies must involve contingency planning, as merely investigating an attack in its aftermath
  • “Hiring a CISO is a good start but if travel and tourism companies want to prove that they are committed to cybersecurity,
  •  
    This article is about the demand for cybersecurity products and services. Using more technology has made our industry more vulnerable and a lack of protected data can leave a company's reputation at risk. It mentioned how cyber-ignorance can be more costly in the long run. Hotels need a contingency plan to be proactive and not reactive.
jordanskj

10 Ways to Reduce Cybersecurity Risk for Your Organization | UpGuard - 0 views

  • ‍Cybersecurity breaches have been on the rise, and it's expected that by 2023, they'll have grown to 15.4 million
  • Make sure all your sensitive data is encrypted
  • Saving your data in normal-text format only makes it easy for hackers to access
  • ...10 more annotations...
  • Some data encryption software even lets you know when other people try to alter or tamper with the information
  • You should also conduct regular backups for your important information
  • statistics show that over 3.4 billion phishing emails are sent globally
  • a hacker may send an email impersonating leaders in the organization asking for personal details
  • make sure you use a patch management system to automatically manage all updates and uphold information security
  • over 80% of organizational data breaches result from weak passwords
  • Chances are that your cyber security is highly dependent on third-party vendors, which is why you can’t afford to ignore vendor risk management
  • Conduct a security assessment and determine whether your critical infrastructure is safe from security breaches.
  • have your IT security teams analyze all server logs frequently and conduct cybersecurity framework audits to make sure their integrity is intact.
  • you should defend your networks from cyber attacks by installing firewalls
  •  
    In this article, the author discusses many different ways to help a business reduce their risk for cyber attacks. The article touches on a statistic about cybersecurity, stating "During the first half of 2021 alone, over 118 million people were impacted by data breaches". There is quick talk about how the policies that a business implements is the make or break of the cybersecurity for your business. For example, one of the main tips to reduce cyber attacks in your business is to make sure your data is encrypted. "Saving your data in normal-text format only makes it easy for hackers to access. Data encryption, on the other hand, limits data access to parties that have the encryption key". Another tip to prevent cyberattacks highlighted in the article is to keep all your employees educated and informed about malicious emails. Conducting regular employee trainings about the dangers of these types of emails could save your business. These types of emails are known to send links that could hack the system, as well as pretend to be higher-up employees in the company asking for personal data or financial information. The article is extremely educational to every business, as well as just the everyday consumer. Keeping your confidential information as confidential as physically possible is very much doable, as long as you make sure you follow these 10 simple tips.
Yueyu Peng

What Recruiters Need To Know About What Makes Cybersecurity Unique - 0 views

  • Cybersecurity is under pressure. There are an increasing number of attacks, an increasing amount of regulation and a predicted skills shortage of 1.8 million workers by 2022.
  • Just knowing about the job or the client is not enough; they expect their recruitment partner to know details about a huge number of qualifications and different security tools.
  • Candidates can obtain job offers very quickly, and there is a gap between the number of vacancies and the number of skilled people available.
  • ...5 more annotations...
  • Unemployment within cybersecurity is effectively zero,
  • gender diversity
  • We discovered that the number of women in cybersecurity has increased from 11% to 18% since 2011.
  • Paying the right amount for the role shows candidates that you understand their industry, which is very important to them.
  • Candidates can obtain multiple job offers within weeks of applying for a job. At the senior end of the market, this takes a little longer due to the number of roles available. They will still most likely have several opportunities tracking.
  •  
    This article is about the cybersecurity recruitment. It point out some points to ask the recruiters to pay attention.
upasnab

Routier joins forces with Cybint to protect user data | Hotel Management - 1 views

  • Routier has partnered with Cybint, a cybersecurity education company, for integrated cybersecurity into the Routier interface and hospitality management software. The partnership was formed in the wake of an increased cyberattacks on user data in the travel and hotel industries.
  • Our partnership with Cybint and the addition of its cybersecurity educational programming will help secure and protect end users in the wake of the Marriott [International] hacking scandal,
  •  
    This recent article talks about the partnership which was formed due to the recent Marriott International hacking scandal. Cybint, military trained cybersecurity experts, and Routier, a service which provides hotels with engagement, operational and marketing products, have joined forces to prevent such future attacks. Routier co-founder and CEO Gal Bareket states "Our partnership with Cybint and the addition of its cybersecurity educational programming will help secure and protect end users in the wake of the Marriott [International] hacking scandal,". The article further highlights other benefits of this union between Cybint and Routier such as cyber literacy courses and hands on simulator labs for cybersecurity professionals. The article also highlights the prime features and services provided by both Cybint and Routier.
teresaricks

Cyber Security In The Hotel Industry | protel - 4 views

  • And phishing isn’t the only strategy these computer thugs use, either. Just about every hotel in the world could be vulnerable to malware, ransomware, spam, hacking and social engineering. 
  • The argument for educating staff on cybersecurity is a simple one: if staff don’t know how to recognize a security threat, how can they be expected to avoid it, report it, or remove it?
  • the 2019 State of IT Security Survey found that email security and staff training were listed as the top problems faced by IT security professionals.
  • ...16 more annotations...
  • Yet, more than 30% of staff surveyed by Wombat Security Technologies didn’t even know what phishing or malware was. This is probably why scams like the Business Email Compromise (BEC) result in whopping losses of over $3 billion (according to the FBI).
  • But as humans, hoteliers make mistakes, they’re trusting of fake identities, tempted by clickbait, and vulnerable to other sneaky tactics used by criminals to gain access to company information.
  • Staff need cybersecurity training to protect themselves and the hotel against cyberattacks.
  • By making employees aware of security threats, the impact they might have on your business, and what procedures to follow when a threat has been identified, you’re strengthening the most vulnerable links in the chain.
  • So how do we counter these threats? Education, education, education. 
  • To achieve these record levels of data breaches and cyber-threats, cybercriminals are focusing their attention on the manipulation of human behavior.
  • The World Economic Forum in their latest report, The Global Risks 2019, puts cyber-attacks and data theft into the higher-than-average likelihood bracket during 2019.
  • Security awareness training is not a point event or solution, it is a process. Security awareness comes out of a series of ideas, thoughts, and preparations that are used to develop a holistic security awareness training program.
  • Identify the Specific Cybersecurity Needs of the Hotel/Property   
  • Include Cybersecurity Awareness Training During Onboarding
  • Cover Relevant Topics
  • Make Staff Cybersecurity Training An Ongoing Process
  • We all make mistakes and occasionally slip up. It is really important that staff know that they can come to you and that they are free to report problems without there being a risk of them losing their jobs. This will come from your personal management style. 
  • Cybersecurity is everyone’s responsibility, whether you are C-level, management, accounting, housekeeping, maintenance, or reception, it does not matter. Everyone needs to be made aware of the hotel’s individual cybersecurity policies, attitude, and culture. 
  • Continuously send reminders via email, Slack, or any other messenger your hotel may be using with reminders to change passwords, to update anti-virus programs, and with information about the latest phishing techniques.
  • If you create a culture of cybersecurity awareness within your organization, then the chances of your organization becoming a victim are greatly reduced.
  •  
    This article stresses the importance of providing cybersecurity training to staff in the hospitality industry.
ahart054

How Hotel Cybersecurity Threats Have Changed During the Pandemic - 0 views

  • Hotel industry cybersecurity experts say both the "nature and velocity" of cybersecurity threats have changed for the worse during the course of the COVID-19 pandemic.
  • the onset of the pandemic spurred many bad actors to quickly pivot and use "COVID as a theme and as a way to try to infiltrate their way into hotels."
  • He said the volume of threats and who they threatened also shifted.
  •  
    Cybersecurity has changed both in nature and velocity during the COVID-10 pandemic. Hackers used COVID-19 to contact hotels under the guise of safety and security suggesting products to sell. There have also been an increase in phishing attacks at the outset of the COVID-19 pandemic. The threats targeted financial instruments such as loyalty points conduct fraud, to credit card information. The good news is both Hyatt and Choice hotels have executives that buy into the importance of cybersecurity.
armanyleblanc767

Data Security in Hospitality: Risks and Best Practices - 0 views

  • Best practices for companies in the hospitality sector to protect data include:
  • Always encrypt payment card information. Operate a continuous training program in cybersecurity to maintain a well-trained workforce. Always adhere to relevant regulations, such as PCI DSS. Use cybersecurity measures such as firewalls, network monitoring, anti-malware, and traffic filtering to protect against common threats. Conduct tests against your organization’s cybersecurity defenses in which you mirror the behavior of an actual hacker. Know where your data is and enforce the principle of least privileges to limit access to sensitive information.
  • From the perspective of cybercriminals, hospitality appears to offer an ideal target vector for conducting crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII).
  • ...23 more annotations...
  • five of the biggest data security concerns in the hospitality industry and highlights some best practices for protecting hospitality data.
  • Data Security Concerns in Hospitality
  • complex ownership structures
  • groups may use different computer systems to store information, and the information can also frequently move across those systems.
  • Reliance on Paying By Card
  • t was reported in 2017 that out of 21 of the most high-profile hotel company data breaches that have occurred since 2010, 20 of them were a result of malware affecting POS systems.
  • can go unnoticed for months.
  • High Staff Turnover
  • In the U.K., for example, the job turnover rate in hospitality is as high as 90 percent.
  • challenge to maintain teams of well-trained staff.
  • Compliance
  • Insider Threats
  • t involves employees selling data to third parties without the knowledge of the organization that employs them.
  • Hotels, motels, resorts, and rented apartment complexes all gather and electronically store a range of sensitive personal guest data, such as names, phone numbers, addresses, and credit card details.
  • A case in point was the Wyndham Worldwide breaches of 2008 and 2010. Hackers gained access to the systems of an individual operating company through easily guessed passwords, and the attack easily proliferated through the entire corporate network, with the result that 619,000 customers had their information compromised.
  • Each of these groups may use different computer systems to store information, and the information can also frequently move across those systems.
  • ospitality appears to offer an ideal target vector for conducting crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII).
  • ybercriminals use this reliance on cards to infect point-of-sale (POS) systems with malware that steals credit and debit card information by scraping the data
  • The high level of turnover and high degree of staff movement between different locations makes it a real challenge to maintain teams of well-trained staff
  • While GDPR protects individual data within the EU and EEA, its ramifications have rippled through industries globally, and organizations are realizing the need to put greater compliance measures in place. PCI DSS is another important global regulation that protects credit card data, and fines for non-compliance begin at $500,000 per incident. The risk here is not just to data security but to the future survivability of hospitality companies, many of which would not be able to absorb the s
  • This type of data risk is more subtle and it involves employees selling data to third parties without the knowledge of the organization that employs them
  • Always encrypt payment ca
  • rd information. Operate a continuous training program in cybersecurity to maintain a well-trained workforce. Always adhere to relevant regulations, such as PCI DSS. Use cybersecurity measures such as firewalls, network monitoring, anti-malware, and traffic filtering to protect against common threats. Conduct tests against your organization’s cybersecurity defenses in which you mirror the behavior of an actual hacker. Know where your data is and enforce the principle of least privileges to limit access to sensitive information.
  •  
    This article highlights several important security issues in the hospitality industry, followed by the practice of protecting data from loss. The data structure of the hotel industry is complex, customers mainly use bank cards to pay, and the staff turnover rate is high. There are certain internal threats. In order to solve these problems and avoid data loss, it is not enough to strengthen network security. It is also important that employees are trained and familiar with and comply with relevant regulations.
  • ...3 more comments...
  •  
    Data security is a major issue in the hospitality industry. A lot of personal information is stored on the computers specifically credit card information of the guests staying at the hotel. It is the responsibility of the hotel to ensure that the data is protected. High turnover rate in the industry can make this an even bigger challenge. Ensuring that your staff is properly trained to ensure the highest level of security is maintained is highly important.
  •  
    This article speaks about the data security concerns in hospitality. Restaurants, hotels, and other companies in the hospitality sector often have complex ownership structures in which there's a franchisor and a management company that acts as the operator. Businesses use different computer systems to store information. The nature of the hospitality industry is such that it is extremely reliant on cards as a form of payment. Cybercriminals use this reliance on cards to infect point-of-sale (POS) systems with malware that steals credit and debit card information by scraping the data. A vital part of protecting data is training staff to securely gather and store personal information. Well-trained staff also know how to recognize social engineering attempts and they understand an organization's compliance requirements. Data security risks in the hospitality industry extend far beyond the reputation hit that a hotel can take if guests' data is compromised. Industry and political regulators are becoming stricter in governing how organizations process and store personal data. Some of the best practices for companies in the hospitality industry to use are: always encrypt payment card info, operate training programs in cybersecurity regularly to keep everyone informed, adhere to regulations, know where the data is, and enforce limit access to sensitive info, and more.
  •  
    This article explains how data security is at an all time high in the hospitality industry. Focuses on the 5 security concerns and what are some practices that leadership can help employees detect when someone is trying to hack into sensitive information. Also, making sure employees are in compliance with company policy when leaving the company if they have access to sensitive data and making sure employees are not using to their advantage when leaving the company.
  •  
    Hospitality offers an ideal target vector for conducting Cyber crimes such as identity theft and credit card fraud due to the existence of multiple databases and devices containing both Payment Card Information (PCI) and Personally Identifiable Information (PII). Restaurants, hotels, and other companies in the hospitality sector often have complex ownership structures with an individual owner or group of owners, and a management company that acts as the operator. Each of these groups may use different computer systems to store information, and the information can also frequently move across those systems.
  •  
    In this article, we learn about the top five data security risks as well as best practices to help prevent data breaches. According to the article, the hospitality industry is a prime target since it stores a vast amount of sensitive guest information like names, phone numbers, addresses, and credit card numbers. Some of the five risks included complex ownership structures, reliance on paying by card, and insider threats to name a few. In order to avoid these threats, the article suggest that companies become PCI compliant, use cybersecurity measures like firewalls, and know where exactly their data is stored.
jalilahst

NIST Offers Cybersecurity Guide Tailored to the Hospitality Industry - Homeland Securit... - 0 views

  • “Our practice guide documents how we enabled cybersecurity concepts such as zero trust architecture, moving target defense, tokenization of credit card data, and role-based authentication in a reference design that addresses cybersecurity and privacy risk
  • hospitality ranked third among industries compromised by cybersecurity breaches in 2019, and the industry suffered 13% of the total incidents
  • The design protects data moving within this environment, and it prevents user access to the various systems and services.
  • ...2 more annotations...
  •  zero trust architecture, a cybersecurity paradigm focused on resource protection. Its premise is that trust is never granted implicitly but must be continually evaluated.
  • authentication and authorization of both subject and device are required before users can access a network’s resources.
  •  
    This article is about the National Institute of Standards and Technology providing hotel owners in the hospitality industry a new practical cybersecurity guide, to reduce risks of high vulnerability that attracted target for hackers in areas such as hotel's PMS that is used to store guests' personal information and credit card data.
  •  
    Hospitality was ranked third in the top five industries to be comprised by cybersecurity breaches in 2019. Over half the breaches were attacks on on site property servers. NIST offers a guide to hotel owners to reduce risk of cyber attacks. Their guides addresses cyber and privacy risk on PMS. The PMS design protects data moving in the environment and prevents user access. Zero trust architecture requires authentication and authorization of both subject and device to access a network's resources.
lwu014

The top 10 fastest-growing cybersecurity skills | 2020-10-30 | Security Magazine - 0 views

  • The top 10 fastest-growing cybersecurity skills
  • The two fastest-growing skills, Application Development Security and Cloud Security, both involve proactively building secure systems from the start rather than responding to attacks
  • A new examination of the top 10 fastest-growing cybersecurity skills shows employers are ready to pay more for workers who can prevent attacks before they occur by building a secure digital ecosystem from the ground up, according to data from Burning Glass Technologies.
  • ...1 more annotation...
  • While many of these skills are highly technical, the demand is not limited to information technology jobs. An increasing number of job postings for attorneys, for example, require expertise in data privacy and security. J
  •  
    This article is about 10 fastest-growing cybersecurity skills in the future.
guanhuahao

Top Cybersecurity Tools for Business - 0 views

  • All cyber threats are not equal. Some may hold your data for ransom, while others may destroy your information for good.
  • Digital tech analysis firm Juniper Research predict that the cost of data breaches will rise from $3 trillion annually to over $5 trillion in 2024.
  • organizations should look to Next Generation Anti-Virus solutions (NGAV) to protect their assets. NGAV takes traditional AV and then adds advanced analytics, behavioral analysis powered in real-time by large scale cloud back-ends to thwart known and unknown attacks. Leading NGAV solutions include Sentinel One, Carbon Black, and CrowdStrike.
  • ...16 more annotations...
  • The National Institute of Standards and Technology (NIST) offers cybersecurity guidelines for best practices to manage cyber risk. These include identify, protect, detect, respond and recover. Another resource is the NCSA’s national program, CyberSecure My Business.
  • Firewall Often referred to as a company's "first line of defense," a firewall is a security control that filters and screens network traffic entering and exiting your corporate network.
  • People can rely on the password manager to create and store dozens of passwords in an encrypted database without having to remember them.
  • Password managers are quite helpful, and some are even free.
  • store the first part of sensitive site passwords
  • but keep the last few digits memorized and fill them manually.
  • This way, if there is ever a compromise of the password database, hackers don't have those full passwords.
  • You should also consider implementing multi-factor authentication (MFA). MFA authentication uses more than one thing or "factor" to log you in
  • , biometrics is part of this last category
  • SPAM & Malware filters screen email for unwanted and dangerous elements, blocking them before they ever reach your users.
  • In the world of cybersecurity, there's a phrase, "humans are the weakest link." An employee who accidentally clicks on the wrong link or email attachment can put in motion a chain of events that results in a cyber breach. Security awareness training is an anti-phishing tactic all organizations should employ.
  • RDP access must be protected by a VPN connection.
  • reduce the risk of getting hacked is to ensure your systems and software are updated regularly, or "patched.
  • patching shouldn't end with the operating system. Your patch program should also look to patch all other applications running on your systems
  • regardless of the security tools implemented to prevent a data breach, you should plan for a compromise occurring.  
  • That's where 24/7/365 network and endpoint monitoring comes in
  •  
    Cyber attacks open more and more often and varied since cybercriminals are becoming more cunning and their methods more challenging to detect. This article introduces some types of strategies implemented to protect companies' businesses from cyber threats and cybercriminals. Including using Anti-virus software, firewalls, password managers (very useful while some even free), VPN, patch management program which not only for operating program but also for other applications running on your system, consider the email SPAM/Malware filters and security awareness training for the employee since "humans are the weakest link." An employee who accidentally clicks on the wrong link can put in motion a chain of events that results in a cyber breach. Finally, plan a 24/7/365 network and endpoint monitoring.
cleon087

Cybersecurity at Hotels: 6 Threats For Hotels to Manage - 0 views

  • hishing att
  • Ransomware
  • Point of sale/ payment card attacks
  • ...21 more annotations...
  • DarkHotel hacking
  • Customer data/ identity theft 
  • Over that past few years, the industry’s most well-known brands have all been victims of cybercrime.
    • kaylaabad
       
      The hospitality industry is a huge target for cybersecurity breaches
  • Phishing refers to the sending/receiving of emails that appear to be from a genuine source.
    • kaylaabad
       
      Phishing: Phishing refers to the sending/receiving of emails that appear to be from a genuine source.
    • cleon087
       
      It is important to know about what this means
  • intends to convince the recipient that he/she should share information
    • kaylaabad
       
      Goal of phishing: to be information from recipients
  • In recent years, this threat has become increasingly sophisticated, with attacks targeting those in authority. The aim is to take over a user’s email account to send bogus emails to colleagues. These emails often attempt to persuade recipients to authorize transactions, which are ordered from above.
    • kaylaabad
       
      Phishing example in the industry: In recent years, this threat has become increasingly sophisticated, with attacks targeting those in authority. The aim is to take over a user's email account to send bogus emails to colleagues. These emails often attempt to persuade recipients to authorize transactions, which are ordered from above.
  • Hotels that have fallen foul to this crime have in the past paid more than $17,000 to be able to let guests into their rooms and create electronic keys.
    • kaylaabad
       
      Ransomware - Hotels that have fallen foul to this crime have in the past paid more than $17,000 to be able to let guests into their rooms and create electronic keys.
  • Cybersecurity for hotels should always include a process to mitigate any compromised systems should they go down in a DDoS attack.
    • kaylaabad
       
      distributed denial of service attack
  • Cybersecurity issues of this nature, often result in customers being out of pocket, and the media getting involved. Which, of course, means bad press for a hotel. Furthermore, there could be financial implications for the business.
    • kaylaabad
       
      POS attacks: Cybersecurity issues of this nature, often result in customers being out of pocket, and the media getting involved. Which, of course, means bad press for a hotel. Furthermore, there could be financial implications for the business.
  • The attacks use forged digital certificates to convince victims that a software download is safe.
    • kaylaabad
       
      DarkHotel hacking: The attacks use forged digital certificates to convince victims that a software download is safe.
  • Protecting the identity and information of a customer is paramount to the success of any business and hotels ar eno exception.
    • kaylaabad
       
      Protecting the identity and information of a customer is paramount to the success of any business and hotels ar eno exception.
  • That is often passwords and financial information; this scam is one of the oldest on the internet.
    • cleon087
       
      It is important to be informed of this type of attack as a hotel owner because your holding sensitive information.
  • taking information and certain systems hostage. The purpose of this attack was to gain financially from those who paid the demanded figure to free their data/systems.
    • cleon087
       
      A lot of times that ask for a ransom and you pay and still you don't get access back to your computer. Also they can take credit card information and use guest credit cards.
  • Every day regular items such as sprinkler systems to security cameras are vulnerable to hijack. After which, entire computer systems can be made to come crashing down.
    • cleon087
       
      Having access to cameras is concerning because this is sensitive information. They can get access to private areas of the hotel and use it to their advantage.
  • And that means somewhere there is a weakness in the system which has been revealed by human error.
    • cleon087
       
      This is why it is important to invest in the security because you don't want your guest to experience this.
  • criminals use a hotels Wi-Fi to target business guests.
    • cleon087
       
      This is scary because people go to hotels to get a vacation and they trust the hotel.
  • ncourage guests to use virtual private networks (VPN) if they plan on conducting business with sensitive data.
  • Especially when there are criminals from all over the world trying to steal identities, and credit card data.
  • his crime is forever changing.
  • for hotels, an almost perpetual arms-race to secure both data and networks.
    • cleon087
       
      This is why it is important to be up to date.
  • Phishing refers to the sending/receiving of emails that appear to be from a genuine source
  •  
    This article lists of some common security breaches that hoteliers need to be aware of and prepare the hotel system for.
  •  
    This article talks about how cybersecurity can critically affect hospitality businesses if they are not careful about what ways could attack their business.
  •  
    As the article states, "Protecting the identity and information of a customer is paramount to the success of any business and hotels are no exceptions." Quite unfortunately, cybersecurity issues are some of the biggest obstacles that hotels are experiencing nowadays. With hacking attacks such as phishing and ransomware, hotels need to invest in increasing their cybersecurity as any breach can lead to a downfall in business loyalty and brand.
jackyreis

The Cybersecurity 202: Facebook disclosed a major hack very quickly. But the alert was ... - 0 views

  • The Cybersecurity 202: Facebook disclosed a major hack very quickly. But the alert was short on details.
  • It took just three days for Facebook to notify authorities and the public that  hackers had compromised as many as 50 million user accounts on the social media platform.
  • Facebook leaders did not have enough information to paint a clear picture of the hack and the risk to its users during the announcement.
  • ...12 more annotations...
  • Europe’s new privacy law, the General Data Protection Regulation, imposes massive fines on companies if they don’t notify privacy regulators about a data breach within 72 hours. The rule took effect in May and applies to any company with E.U. customers. U.S. lawmakers have proposed similar a 72-hour rule to replace the patchwork of state data breach laws that exist here
  • The company said Friday it had notified European data privacy regulators of the breach, in accordance with GDPR. Shortly after doing so, Ireland’s Data Protection Commission, the watchdog that monitors Facebook’s GDPR compliance, said Facebook’s disclosure “lacks detail” and criticized the company for being “unable to clarify the nature of the breach and the risk for users at this point.”
  •  Equifax waited six weeks to reveal that the Social Security numbers and other sensitive information on 143 million Americans had been exposed in a data breach. Uber waited a year to reveal a hack affecting tens of millions of drivers — and just last week paid a $148 million settlement in connection with the incident. Yahoo also paid a fine earlier this year for waiting two years to tell investors that Russian hackers stole information on 500 million users. 
  • Wray stressed that cyberattacks and theft of intellectual property can inflict long-term damage on American companies,
  • No country poses a broader, more severe intelligence collection threat than China.
  • The Energy Department on Monday announced awards of up to $28 million to help fund 11 cybersecurity research projects to strengthen the defenses of America's critical energy infrastructure,
  • Karen Evans, the assistant secretary for the department's Office of Cybersecurity, Energy Security, and Emergency Response, said “energy cybersecurity and resilience” is one of the “most important security challenges” that the United States faces.
  • “The frequency, scale, and sophistication of cyber threats have increased and attacks can be much easier to launch,”
  • “Cyber incidents have the potential to interrupt energy services, damage highly specialized equipment and threaten human health and safety.”
  • The Senate Commerce Committee should hear from consumer privacy experts as lawmakers consider whether to develop data privacy legislation, a coalition of consumer and privacy groups said Monday
  • And while civilian agencies generally face the most lopsided age disparities, the importance departments place on building a long-term talent pipeline varies greatly
  • That means federal technologists at or approaching retirement age outnumbered their 20-something counterparts roughly 4.6 to 1.”
  •  
    This article highlights the importance of announcing a security breach quickly, and explains the argument on whether it needs to be carefully analyzed before releasing the breach. It explains the importance of releasing the understanding of a hack as quickly as possible to maintain people's information (i.e. bank information) safe.
mcont036

Cybersecurity guide for the hospitality industry - Help Net Security - 1 views

  • A practical cybersecurity guide from the National Institute of Standards and Technology (NIST) can help hotel owners reduce the risks to a highly vulnerable and attractive target for hackers: the hotel property management system
  • allowing hotel owners to control and limit access to their PMS and protect guest privacy and payment card information.
  • According to a recent industry report, hospitality ranked third among industries compromised by cybersecurity breaches in 2019, and the industry suffered 13% of the total incidents.
  • ...3 more annotations...
  • About two-thirds of these breaches were attacks on corporate servers, which often store guest information and communicate with on-site property management systems.
  • The design protects data moving within this environment, and it prevents user access to the various systems and services.
  • “Zero trust principles mean access is not granted to devices or user accounts based solely on their physical or network location or who owns them. Instead, authentication and authorization of both subject and device are required before users can access a network’s resources
  •  
    The National Institute of Standards and Technology created a practical cybersecurity guide to help hotel owners protect their PMS from hackers. Hotel owners can learn to protect the privacy of the data stored in their systems, which is highly vulnerable. The guide also advocates for the zero trust principle, which dictates that access to a system is never fully granted, but must be continually evaluated through authentication and authorization.
allisonweets

Guests: Hotels are not investing enough in cybersecurity | Hotel Management - 0 views

  • More than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels, according to the Morphisec 2019 Hospitality Guest Threat Index.
  • Following the Marriott International/Starwood Hotels & Resorts Worldwide breach that was discovered nearly a year ago, U.S. Commerce Secretary Wilbur Ross noted that “many companies have been scrimping on the cybersecurity budget” — both in the hospitality sector and beyond.
  • Millennials (24- to 35-year-olds) believe they are most vulnerable to a cybersecurity breach when staying at a traditional hotel rather than when booking with Airbnb.
  • ...4 more annotations...
  • Almost 60 percent of consumers said restaurant point-of-sale systems are the most susceptible to cyberattacks within the hospitality industry.
  • More than 25 million U.S. consumers self-reported that a restaurant visit has resulted in a data breach.
  • Earlier this year, Morphisec discovered FIN8, a cybercrime group most known for targeting the retail industry, was actively targeting POS systems within hospitality companies in the U.S. and abroad.
  • “Increasingly, attackers are targeting weakly defended point-of-sale systems as an entry point into the broader hospitality organization network. With many POS devices in the hospitality industry still running on Windows 7 or even Windows XP-based embedded operating systems, they are increasingly vulnerable to breaches, and cybercrime groups are taking notice.”
  •  
    This article discuss the idea that cybersecurity has been neglected according to consumers and more emphasis should be placed on protecting their private information. It has been found that point-of-sale systems are the most common victims of these breaches, and most often at restaurants. Attackers are targeting systems with weak points and outdated software, making them at a considerably higher risk for breaches and cybercrime. Companies must start investing more in heightened security measures in order to retain consumer loyalty.
ovila009

5 biggest cybersecurity threats | 2021-02-03 | Security Magazine - 0 views

  • Since the beginning of the pandemic, the FBI has seen a fourfold increase in cybersecurity complaints, whereas the global losses from cybercrime exceeded $1 trillion in 2020. 
  • In 2020, almost a third of the breaches incorporated social engineering techniques, of which 90% were phishing.
  • Ransomware is a data-encrypting program that demands payment to release the infected data. The overall sum of ransom demands will have reached $1.4 billion in 2020, with an average sum to rectify the damage reaching up to $1.45 million.
  • ...5 more annotations...
  • here were 4.83 million DDoS attacks attempted in the first half of 2020 alone and each hour of service disruption may have cost businesses as much as $100k on average.
  • Third party software. The top 30 ecommerce retailers in the US are connected to 1,131 third-party resources each and 23% of those assets have at least one critical vulnerability.
  • umber of the attempted breaches grew by 250% compared to 2019.
  • The global market for cloud computing is estimated to grow 17% this year, totaling $227.8 billion.
  • To strengthen the cloud computing defenses in the future, stakeholders should pay attention to proper cloud storage configuration,
  •  
    This article breaks down the 5 largest threats we face in terms of cybersecurity. Since the pandemic started, cybersecurity complaints have increased fourfold. These losses are piling up dramatically, necessitating an increased level of vigilance and preparedness.
anonymous

Survey Shows US Cybersecurity Attacks Costing Orgs More Money - 0 views

  • Survey Shows US Cybersecurity Attacks Costing Orgs More Money
  • Cybersecurity attacks are leading to estimated financial losses of an average of $884,000, according to an IDG survey.
  • "As organizations prepare for various attacks and breaches, hackers continue to be savvier in their approaches,”
  • ...6 more annotations...
  • “Resilient organizations must have all employees embrace security practices, from awareness training to behavior monitoring to gap protections."
  • Firewalls, spam filtering, network-based antivirus tools, access controls, and encryption were listed as the most effective solutions for detecting or deterring external threat factors.
  • The top three types of cybersecurity incidents also differ depending on whether it was an insider or outsider threat. The report found that outsider threats tend to consist of the following: Unauthorized access to/use of information, systems, or networks Customer records compromised or stolen Confidential records (trade secrets or intellectual property) compromised or stolen
  • The average cost of a data breach is $3.62 million globally, according to the 2017 Cost of a Data Breach Study: Global Overview sponsored by IBM Security and conducted by Ponemon Institute.
  • "Data breaches and the implications associated continue to be an unfortunate reality for today's businesses," Ponemon Institute Chairman and Founder Dr. Larry Ponemon said in a statement. "Year-over-year we see the tremendous cost burden that organizations face following a data breach.”
  • Cybersecurity incidents stemming from insider threats will include private or sensitive information being unintentionally exposed, customer records being compromised or stolen, and employee records being compromised or stolen.
1 - 20 of 132 Next › Last »
Showing 20 items per page