Hotel cybersecurity industry in 2020- step up your security.

Secure Stay
6 min readJun 16, 2020

--

When we think of burglars breaking into our safe zone and violating our privacy, we often imagine the thief bypassing our alarm system, the entry taking place through some kind of broken door or window, latex gloves, black wool hoods, a big mess of personal item thrown around the room out of drawers, the grabbing of precious goods and, finally, the thief hurrying and running out never to be seen again.

But when we mention cybercriminals, such as Hotel’s hackers, the story is totally different as the tight window of opportunity is often not an issue: they might even consider not leaving the premises — in this case the system — for a while, as they will breach their way in, spending time in your “secured” network assessing and preying on the incessant flow of data coming in, while gathering it all with malicious intents at mind… They will even consider not fleeing — exit your systems — for as long as they will remain undetected.

As detailed in a previous article, hackers are targeting financial institutions because that’s where the money is, and they target retail chains because that’s where people spend their money. Hotels might seem a less obvious target, but they’re being hacked more often in the last few years because of the valuable data that passes through them like credit cards, personnel data as copies of personnel identifications (passports, National ID,…), as well as trade secrets stored in the phones and laptops of businessmen and diplomats staying in your facility, which are using your free wifi services.

The fact that in some of the cases no evidence of customer data is showing up on the dark-web marketplaces, such as after The Marriott data breach case announced in November 2018, may sound like good news. But it may actually as well be bad, said Arne Sorenson, President & CEO of Marriott International, during his testimony following the investigation:

“The lack of commercial intent indicated to experts in cybersecurity that the hack was carried out most probably by a government, which might have used the data to extrapolate information about politicians, intelligence assets, and business leaders.”

So what is the solution? Is it to advise corporate clients to avoid using personal devices altogether while on the road? Or is it maybe time for hotels to guarantee the hermetic safety of their guests by taking the threat very seriously and acting upon it by teaming up with experts in the field?

Bloomberg Businessweek exposed a story in June 2019 about “in-house guests” looking for, and finding, a hacking door to the Property Management System (PMS) — which hotels use to register reservations, issue room keys, and store credit card datawhile simply plugging the internet cable from their room’s smart TV into their laptop. That way they gained access to the hotel’s PMS, which led them into the chain’s corporate system and allowed them to gain access to years’ worth of credit card information from transactions across dozens of hotels.

One of the most surprising entry points for the hack was an internet port in the window frame, designed to let guests open and close curtains by remote control, which has proven to be an equally valid way of breaching and compromising hospitality cybersecurity systems to its core.

Luckily those were hacks carried by IT consultants who were making a point of proving their hospitality clients’ laxist approach to Cybersecurity threats.

In a famous case, hackers breached the internet-connected fish tank in the lobby of a Las Vegas casino in 2017 and used that exploit to find a database of high rollers on the property’s internal network.

Hotels have been lately recognized as a “one-stop-shop” opportunity for malicious and trained cybercriminals.

Those modern sophisticated thieves, often related to as “Ghosts”, have targeted electronic door locks systems to access and burgle rooms, used malware attacks to infiltrate the reservation system or the in-house restaurant POS to capture critical customer data, they’ve even used Wi-Fi to hijack hotels’ internal networks in search of corporate sensitive data only to be detected after the deed was done.

And this is not new: just about all of the major industry players have reported breaches.

For all those reasons, the hospitality industry has been among the favorite targets over the past few years — and the battle is far from being over.

“Those not learning from past mistakes are doomed to repeat It”: who said we can’t learn from others’ mistakes?

In a previously published article, we showed that a clear pattern of after fact discovery is clearly noticeable: new and more sophisticated techniques are being used, such as phishing attacks, ransomware, DDoS attacks, Remote hacking through third-party vendors, DarkHotel hacking and identity theft, to name a few.

But how can you prevent it from happening or stop it while happening?

Partnering with an expert in the field of Hotels Cyber Defense is your best and safest option.

One can’t improvise himself as a specialist.

With constant new techniques used across the board, it is mandatory to have by your side a Cybersecurity company that understands the needs and the exposure of your institution and vertical, scanning at all times your system and guaranteeing a hermetic flow of data inside your company and outside of it — as well as checking the third parties you are employing and collaborating with.

Cybersecurity scanning — particularly spotting live data breaches as well as spotting potential compromised or weak entry gates before the breach even occurs — is a full-time job that needs to be done by experts.

When is it the right time for taking that essential step of partnering with an expert?

There is never a better time than RIGHT NOW!

During times in which the Covid-19 outbreak has affected all sectors of the world’s economy, the hotel, leisure, retail, and travel industries have been hit particularly hard.

Since December 2019, the outbreak of the COVID-19 coronavirus has had a devastating impact on the world economy. Fitch, the credit rating agency, predicts that there will be a deep global recession. It anticipates that global economic activity will decline by 1.9 percent, with the U.S. (down 3.3%), Eurozone (down 4.2%), and UK (down 3.9%).

In April 2020, Ursula von der Leyen, the European Commission President, said, “[…] I would advise everyone to wait before making holiday plans. We will need to learn to live with this virus for many months, probably until next year[…]”

The numbers are simply staggering. The hospitality and travel sector has never experienced anything like this shut-down. The impact is being felt by lenders, investors, owners, operators, employees, and the sector’s supply chain as well as in adjacent sectors, like the events industry.

In this context the Hotels and all its surrounding services need to up their game, guaranteeing their clients with the safest environment one can expect to get for their spent dollars, and it starts with reinforcing their cybersecurity gates.

Surprisingly, the outbreak presented the Hotel Industry with an incredible window of opportunity during which it could have its system thoroughly checked.

With a stop to the yearlong stream of bookings from travelers, businessmen, or even conferences, there is no better time to open your systems up for a thorough check in order to spot any existing network weaknesses and for a risk assessment; not to mention for providing training for employees and scale up your organizational awareness.

Hotel cybersecurity industry in 2020 - step up your security

--

--

Secure Stay
Secure Stay

Written by Secure Stay

Secure Stay is the leading cyber security company in the hospitality field. For many years, we’re preventing cyber risks in the hospitality market

No responses yet