Cyberattack on Luxury Resort Should Put Hospitality Industry on High Alert | Fisher Phi...
www.jdsupra.com/...xury-resort-should-put-6792530
cyberattack cybersecurity hospitality privacy technology
shared by smend120 on 05 Oct 22
-
Cyberattack on Luxury Resort Should Put Hospitality Industry on High Alert
-
The Allison Inn & Spa recently fell prey to a ransomware attack that left its employees’ and guests’ personal information exposed
-
the stolen information – which includes data from 1,500 employees and more than 2,500 guests, including dates the guests stayed at the hotel as well as employees’ birthdays, phone numbers, and Social Security numbers – was posted on the public internet in easily searchable form.
-
Typically, stolen confidential information such as this is only published on the “dark web” and is not as easily retrieved through any type of online searches.
-
If affected devices cannot be removed from the network (or if the network cannot be temporarily shut down), secure the network by powering down infected devices to avoid any further spread of the ransomware infection;
-
the public release of the confidential guest and employee data may have been an “experiment” to see whether it could further ratchet up pressure on the business to pay out the ransom.
-
this new tactic may be a trend we see from cybercriminals looking to extort their victims in future ransomware attacks.
-
companies should consider deploying multifactor authentication in order to gain access to company networks, provide robust cybersecurity training to all employees on an annual basis, and maintain offline, encrypted backups of all internal data.
-
Cybercriminals are constantly coming up with novel schemes to kidnap their victims. A recent cyberattack on a five-star resort should act as a cautionary tale for your company. In Oregon, the Allison Inn & Spa recently became the target of a ransomware assault that revealed the personal data of its staff and visitors. The stolen data was published in easily accessible form on the public internet and includes details from 1,500 employees and more than 2,500 guests, including dates of the guests' hotel stays as well as employee birthdays, phone numbers, and Social Security numbers. The "dark web" is typically the only place where stolen private information like this is released, making it harder to find through regular online searches. The goal of the cybercriminals was to coerce the company into paying a ransom. The public disclosure of the private visitor and staff information seems to have been an "experiment" to see if it would increase pressure on the company to pay the ransom. Cybercriminals may use this new strategy frequently in the future to demand ransom from their victims. The implementation of thorough cybersecurity risk management procedures should be considered by resorts. In the event of a cybersecurity attack, determine which systems were affected by the attack and immediately isolate them. Then, prioritize those systems for restoration and recovery. After which, involve internal and external stakeholders and retain legal counsel for advice. It is crucial that you hire a third-party incident response provider and notify law enforcement. Multifactor authentication should be used by businesses to protect network access, and they should also annually train all staff in cybersecurity best practices and keep offline encrypted backups of all internal data.