Home/ Hospitality Technology/ Group items tagged cyberthreats

ldevaul

How the travel industry can fight back against cyberthreats | SmartBrief - 1 views

  • Travel and hospitality businesses have become lucrative targets in recent years for cybercriminals who have stolen from the industries in attacks that often take more than half a year to identify.
  • In the past three years alone, the hotel industry has faced 13 serious attacks, according to an IntSights study.
  • The travel and leisure sectors suffered a 155.9% year-over-year rise in suspected online fraud attempts worldwide in the second quarter, according to a TransUnion study, compared with a 16.5% increase in overall alleged intrusions.
  • The hotel industry attracts cybercriminals because it handles so many financial transactions in so many countries.
  • The top threat to hotels is phishing, a scam in which hotel guests may receive fake phone calls claiming to be from the front desk. The caller could claim that there is an issue with the credit card on file and that they need to re-verify the payment method. 
  • DarkHotel hacks are another significant threat. These target travelers via hotel Wi-Fi. Digital certificates are sent to guests, like a familiar Adobe update, which will retrieve sensitive information. Hotel chains are combating these hacks by suggesting that guests use a virtual private network.
  • Malware (malicious software) is something criminals email employees, under the guise of the attachment or link looking innocent or legitimate. But when the user opens the file or clicks on the link, their system (and more) can be hacked into by the criminal.
  • The IT department should routinely update operating systems and back up data and files, and every employee should double-check sources when asked for software administrative permissions. Also, strong firewalls can limit bad traffic and provide security.
  • Software and hardware can help prevent breaches, but employee training is also an essential part of any hotel’s cybersecurity.
  • In 2018, a Marriott reservation system was hacked. More than 500 million customer records, including credit card information and passport numbers, were stolen. The company said the hack went back four years prior to the discovery and, when it was noticed, the company started using computer and mobile device monitoring software.
  • “Guests can enroll in a service called WebWatcher, which monitors the sites where personal information may be shared and alerts guests if evidence of their personal data is found,”
  • Hotels are not alone in being targeted by cybercriminals: The airline industry has faced serious cyberattacks as well, and many airlines still aren’t equipped to handle them.
  • only around 35% of airlines and 30% of airports are prepared for cyberattacks.
  • "The proliferated effect of the attack on SITA is yet another example of how vulnerable organizations can be solely on the basis of their connections to third-party vendors,"
  • The aviation industry faces dangers such as ransomware and distributed-denial-of-service attacks. Following the SITA attack, HackerOne solutions architect Shlomie Liberow stressed that airlines need to prepare for the worst. 
  • traditional enterprises like airlines have always been an attractive target since few are digital-first businesses, and therefore have relied on legacy software, which is more likely to be out-of-date or have existing vulnerabilities that can be exploited."
  • The airline industry needs to keep third-party vendors in check when it comes to protecting information. Given the high stakes involved, experts suggest that blind trust is not an option. 
  • “You simply cannot know whether your third parties meet your company’s security controls and risk appetite until you’ve completed a full vendor security assessment on them,
  • It’s important to note that the best practice is not a ‘one-and-done’ activity, but through real-time, continuous monitoring.”
  • In 2015, hackers targeted Polish airline LOT’s ground operations system, affecting 1,400 passengers. The hackers made it impossible to create flight plans and flights. It was the first attack of its kind, and it caused concern about cyberattacks one day remotely taking control of planes.
  • To address the threat, the standard advice is to back up and store data in multiple places, including off your physical premises, and have one copy of it be offline
  • Multifactor authentication and long, complicated passwords will take longer to crack. Updating and patching systems regularly helps companies avoid being victimized when a new exploit is discovered.
  • Treating cybersecurity as a companywide concern, not an IT concern, encourages each employee to take ownership of their actions and knowledge and to seek help proactively instead of making an “innocent” mistake that costs the company millions of dollars.
  • Finally, companies should avoid simply throwing money at the problem: Not all cybersecurity solutions work together, which wastes money and increases the risk of a breach.
  •  
    This article discusses ways that the travel industry can combat cyberthreats. The main cyber concern for hotels is phishing, which is a scam that collects credit card information by pretending to be a part of a hotel's front desk staff. The article mentions that IT departments should do routine updates to operating systems and back up data and files. Employees should also be trained to help prevent data breaches. The author briefly touched on what to do when your hotel system is hacked and even dives into how the airline industry is still very unequipped to handle cyberattacks and threats. This is a great read to learn how to keep up with best security practices in the hospitality and tourism industry.
pelaez17

Cyber Attack - What Are Common Cyberthreats? - Cisco - 0 views

  •  
    This post talks about all of the common cyberthreats and what we can do to try and avoid these cyber threats. This post is extremely relevant to what we learned throughout the week in this module.
cjdearmas

How hotel chains are tackling the cybersecurity challenge - 1 views

  • With customers getting increasingly tech-savvy and looking for better deals, smarter platforms, and intelligent options when traveling, the hospitality industry is struggling to protect margins.
  • As a result, the industry is undergoing a period of consolidation.
  • This is exactly how Marriott International became the world’s largest hotel chain — it acquired Starwood Hotels & Resorts Worldwide for US$13.6 billion.
  • However, at the time, due diligence failed to discover that Starwood had fallen victim to a data breach prior to the deal which exposed customer data of 500 million guests and subjected the hotel to penalties from regulatory authorities.
  • For those in the hospitality industry, looking to acquire properties or not, cybersecurity should be something to pay attention to — after all, the risks of not defending against cyberattacks could be catastrophic with regulators tightening the noose on those that fail.
  • Given Marriott’s size and cash reserves, it was able to weather the hit it took in the stock market, compensate (loyal) customers, and cough up the fines levied on it. Others might not.
  • “The hotel industry is at risk of attacks, such as malware and ransomware, where criminals try to either steal data or exploit organizations for a pay-off. The majority of these threats come through over email, often in malicious links.
  • The incident, of course, hasn’t dampened spirits at Marriott.
    • tcale003
       
      When Marriott bought other smaller hotels and added them to their inventory, they were not careful about their cyber-security and there was a data breach. The hotel industry is at risk of being attacked by things such as malware and ransomware. Hotels need to pay attention to cyber-security or risk having criminals steal valuable information.
  • Hotels house banks of sensitive
  •  
    Email security is a good defense against cyberthreats in the hospitality space because it not only helps fend off attacks but also sensitizes staff to risks in cyberspace and provides them with basic awareness and education.
  •  
    Marriott learned the hard way about the importance of cyber security! By acquiring a hotel for their boutique hotel line, it wasn't until after the fact that they realized that the hotel had been hit by a huge data breach in their system. Luckily, Marriott has the resources and reputation to deal with the issue. But a lot of these smaller hotels do not, so the damage to them could be catastrophic.
  •  
    "The hotel industry is at risk of attacks, such as malware and ransomware, where criminals try to either steal data or exploit organizations." The majority of threats come through over email, often in malicious links. Deploying email security is a good defense against cyberthreats in the hospitality space because it helps fend off attacks.
llibe010

The Top Five Cyberthreats Hotel Brands and Franchisees Need to Know About | Netsurion - 0 views

  • ay for guests, it also opens hotels to digital threats perpetrated by malicious actors. Consequently, hotel operators should be aware of the types of cyber attacks, which can significantly hurt their brand reputation and bottom line, not to mention the safety and welfare of employees and guests.
  • In January, for example, cyber criminals took over a luxurious Austrian hotel’s computer-controlled key-card system, locking 180 guests out of their rooms until hotel managers paid a nominal ransom
  • A ransomware attack may disable or alter performance of hotels’ computer-driven systems such as air conditioning and lighting, putting guests’ comfort and, worse yet, safety at risk. In addition, booking systems are extremely vulnerable to ransomware attacks because they process information belonging to the hotels, third-party applications and their customers.
  • 1. Ransomware:
  • hey present further ransomware opportunities to hackers by using computers to automate functions.
  • distributed denial of service, or DDoS
  • One of the largest data breaches in history was conducted through a third-party vendor when hackers stole data from 70 million credit cards by gaining access to a mega-retailer’s network through credentials belonging to an HVAC contractor.
  • 2. Remote hacking through third-party vendors:
  • 4. DDoS attacks on the hotel network:
  • 3. Phishing scam targeting customers and hotels:
  • Train employees. Hotels should train employees to not open suspicious emails or links inside them as they may contain malware.
  • Statistics indicate that such incidents will become more frequent, so it is not a matter of if but when the next cyber attack will occur.
  • Integrate a managed SIEM. Hotels should bring on a managed security information and event management (SIEM) platform for their remote locations to be warned right away of cyber attacks. They may also want it for inside the perimeter if they lack the expertise and resources to properly use SIEM internally.
  • Maintain PCI compliance. The Payment Card Industry Security Standards Council (PCI SSC) has put forth a set of stipulations, the Payment Card Industry Data Security Standard (PCI DSS), in response to rapid PCI expansion. Hotels should make sure they are compliant with these regulations, which require businesses to send credit-card information in a secure environment, to prevent paying heavy fines and losing data, revenue, and customer trust.
  • Install antivirus on all devices. Hotels should ensure they have reliable anti-virus and anti-malware software installe
  • 5. Theft of personal information over public Wi-Fi.
  • According to the FBI, the number of cyber threat occurrences quadrupled to 4,000 per day last year from 1,000 per day in 2015
  • The number of cybersecurity incidents worldwide increased 38 percent in 2015 from 2014, according to the Global State of Information Security Survey 2016 by PwC, CIO, and CSO.
  • In addition, there are large volumes of payment card transactions between restaurants, on-site shops, spas, parking, and the front-desk, ensuring there is plenty of customer data for a hacker to compromise.
  • Hotels are especially vulnerable to this type of attack where a type of malware disrupts access to a system until a ransom is paid. This is because they often use integrated POS systems
  • Hackers can break into hotels’ payment systems through a remote access point belonging to one of its vendors, so they should closely monitor third-party access to their networks
  •  
    This article outlines some of the main cyber attacks on the hospitality industry. It exposes the threats due to the wealth of data stored in PMS, POS and CRM and suggests steps to take to protect against malware and ransomware. The article further highlights the necessity for antivirus software on all devices.
  •  
    The article describes the five most common cybersecurity risks for hotel brands such as ransomware, remote hacking and DDoS attacks. The operational elements of each risk have also been discussed. It also covers best practices that hotels and other hospitality organizations can adopt to curb breaches.
mattiebell

The Top 6 Cyberthreat Actors: Today's Most Active Groups - 1 views

  • ALPHV is a relatively new and rapidly growing cybercrime group. First observed near the end of 2021, the ALPHV group gained attention for innovative extortion tactics, and unconventional attack methods.
  • To date, BlackCat ransomware has struck retail, financial, manufacturing, government, technology, education, and transportation, across a range of countries that includes the U.S., Australia, Japan, Italy, Indonesia, India, and Germany.
  • Some of the ransomware it utilizes includes Cobalt Strike, Mimikatz, and AdFind. One of the most dangerous aspects of APT29 is that they have been known to develop their own set of custom tools for hacking campaigns.
  • TA505 is a significant player in the global cybercrime scene, and has been a driver of global trends in the cybercriminal underworld. The group targets education, finance, healthcare, hospitality, and retail worldwide. It is also known for its long-term cyberattack lifecycle, sometimes persisting in a target's network conducting reconnaissance for weeks — even months — successfully avoiding detection as it patiently identifies the highest-value targets in the victim’s environment.
  •  
    This article discusses the most active cyber threats that exist today. I chose this article because it highlights a topic many industry leaders aren't aware of. Many view cyber attacks as crimes of opportunity, which they often are. However, we have to remember that there are also dedicated groups who are committed to acquiring data they shouldn't have. Knowing these groups, their signs, and what industries they target can help create a stronger team and plan to protect against them. These are especially common in hospitality and retail.
allisonweets

Guests: Hotels are not investing enough in cybersecurity | Hotel Management - 0 views

  • More than 22 million U.S. travelers self-report as being the victim of a cyberattack through their business with hotels, according to the Morphisec 2019 Hospitality Guest Threat Index.
  • Following the Marriott International/Starwood Hotels & Resorts Worldwide breach that was discovered nearly a year ago, U.S. Commerce Secretary Wilbur Ross noted that “many companies have been scrimping on the cybersecurity budget” — both in the hospitality sector and beyond.
  • Almost 60 percent of consumers said restaurant point-of-sale systems are the most susceptible to cyberattacks within the hospitality industry.
  • Millennials (24- to 35-year-olds) believe they are most vulnerable to a cybersecurity breach when staying at a traditional hotel rather than when booking with Airbnb.
  • More than 25 million U.S. consumers self-reported that a restaurant visit has resulted in a data breach.
  • Earlier this year, Morphisec discovered FIN8, a cybercrime group most known for targeting the retail industry, was actively targeting POS systems within hospitality companies in the U.S. and abroad.
  • “Increasingly, attackers are targeting weakly defended point-of-sale systems as an entry point into the broader hospitality organization network. With many POS devices in the hospitality industry still running on Windows 7 or even Windows XP-based embedded operating systems, they are increasingly vulnerable to breaches, and cybercrime groups are taking notice.”
  •  
    This article discusses the idea that cybersecurity has been neglected according to consumers and more emphasis should be placed on protecting their private information. It has been found that point-of-sale systems are the most common victims of these breaches, and most often at restaurants. Attackers are targeting systems with weak points and outdated software, putting them at a considerably higher risk for breaches and cybercrime. Companies must start investing more in heightened security measures in order to retain consumer loyalty.
jiayi017

Stopping Data Breaches in Hospitality | Impact Networking - 0 views

  • Nearly half of all cyberattacks target SMBs, a number which is expected to increase.
  • Human error is the number one cause of data breaches from cyberattacks, with 52% of incidents directly attributable to them.
  • The majority of attacks that occur within businesses happen because somewhere along the line, someone made a mistake. Perhaps they opened an attachment they shouldn’t have or visited a risky website.
  • 93% of companies without a disaster recovery plan who suffer a major data disaster are out of business within one year.
  • SMBs simply don’t have the resources to survive breaches and are risking their entire business by not fully preparing against attacks.
  • Research suggests that 70% of consumers would stop doing business with a company if it experienced a data breach.
  • even for businesses who can survive a breach and save their data, long-term consequences can be dire.
  • Consider a true next-gen antivirus for everyone under your network to minimize the potential for attack.
  • By keeping all your data periodically backed up in secure data centers, you can rest a lot more easily knowing that should the worst happen, you can respond quickly and effectively.
  • One of the most effective ways of counteracting the dangers of cyberthreats is by training employees and establishing policies around a security strategy.
  •  
    This article describes the destructive effects of cyber attacks on enterprises, especially small and medium-sized enterprises, because they do not have sufficient prevention and sufficient resources for disaster recovery. The most direct cause of current cyber attacks is that people open some risky websites or emails in the wrong place. The hospitality industry holds a large amount of customer privacy and sensitive information. Once attacked, the destructiveness is unimaginable. And to protect consumer data, most service industries just comply with local state laws, but most state laws have not made greater progress in information protection. Therefore, enterprises should protect themselves and their customers from cyber threats from the three aspects of their own network endpoints, disaster recovery and education.
rhoff019

Council Post: Cybersecurity As We Know It Is About To Change - 0 views

  • the global cybersecurity market is set to increase to $270 billion by 2026. This signals the priority boardrooms have placed on cyber risk management even as digital transformation takes place en masse.
  • COVID-19 has become the catalyst to trigger change in the ways we manage and operate technology.
  • Virtual desktops emulate a computer system so that IT can control access as such adding input/output devices as well as software and applications. This could become an important control point when remote workers are operating outside the safety of a corporate network.
  • Telecommuting Is The Only Way Of Working For Many
  • With the remote working concept taking center stage, re-evaluation of these policies is needed to address the new cyberthreats.
  • With millions of employees working from home, hackers’ focus has shifted from enterprise to remote working individuals. To handle the menace that exists in cyberspace, decentralized cybersecurity will rise where greater emphasis will be placed on data sources such as actual remote employees themselves.
  • User access controls have largely revolved around single or two-factor authentication. These methods rely on “something you know (username)” and “something you have (password).”
  • This means identity protection will be a top priority, and the best defense should involve building authentication systems that focus on “who you are.” This would require advanced biometric solutions such as fingerprint/thumbprint/handprint, retina, iris, voice and other facial recognition technologies.
  • The current state of privacy regulations is designed around the enterprise network and building the proverbial wall to keep sensitive data out of prying eyes.
  • With swift digitalization, security controls will shift to data sources, similar to the trend witnessed in IoT.
  • From a risk management perspective, global privacy policies will need to encapsulate standard operating procedures regarding BYOD, GDPR compliance and state privacy laws.
  • The shift to cloud services offers employees, customers, suppliers and everyone else across the ecosystem a seamless and frictionless way to access data and applications. Remote access by various users would compound security challenges and present many new potential attack vectors. In the post-pandemic world, IT resources could shift toward data, particularly keeping data secure across cloud platforms.
  • This will facilitate cybersecurity teams to apply varied access controls and demarcate data storage to minimize the risk of cyber intrusion and data breach.
  • Innovative technologies such as ML/AI and AR/VR will see greater adoption. As we have already witnessed, video conferencing applications will continue to rise as non-contact interactions surge.
  • Sectors such as retail, hospitality and manufacturing will layer their adoption of robotics with added AR/VR capabilities.
  • Cybersecurity teams that are saddled with an events-based approach will be overly burdened with triages when a cyber breach occurs. By embracing an intelligence-driven approach, businesses can digitalize confidently with external threat intelligence as the guiding beacon.
  • Social engineering techniques to trick untrained and unsuspecting employees, third parties and contractors into releasing confidential information or letting an intruder into a corporate network will also intensify accordingly.
  • Cybersecurity awareness training for people across the entire supply chain and ecosystem will prevail.
  •  
    By 2026, the investment in cybersecurity will increase to $270 billion globally. After the COVID-19 pandemic, companies will need to reevaluate their cybersecurity systems to adapt to telecommuting, as many companies will have some of their employees working from home. Biometric security such as a fingerprint or iris scan will become more common as the typical password will no longer be as secure as it once was.