It’s exciting to see how technological advances can smooth travel experiences. But there’s a dark underbelly to the advancements in the hospitality world.
Hospitality providers are at greater risk to cybersecurity vulnerabilities that come with a network-focused world, according to a new report from Trustwave SpiderLabs, a firm focused on keeping businesses across the globe ahead of security threats.
Many have already faced issues. Thirty-one percent of hospitality providers reported that they had data breaches, the report said, citing Cornell University and Freedom Pay. That kind of breach costs on average $3.4 million for companies - and the cost isn’t just monetary; a breach can also hinder a company’s reputation.
In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act.
Kory Daniels - Trustwave
The hospitality industry faces a “complex security landscape with distinct challenges,” Trustwave Chief Information Security Officer Kory Daniels said in a release, adding that the environment comes from elements such as “the adoption of contactless technology and the steady turnover of customers and employees.”
“In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act,” Daniels said. “Our latest threat briefing is a valuable resource for security leaders within the hospitality sector, providing a comprehensive view of the threats observed by our SpiderLabs team, along with specific mitigation strategies to bolster defenses.”
While the report is new, the threat to the hospitality industry is not. Widely reported breaches to which Marriott International, Choice Hotels and Sonder have fallen victim reflect the challenges the industry is facing. PhocusWright released a report last year revealing that digital fraud attacks rose 156% from the previous year.
“The travel industry functions in an environment where numerous potential points of failure make the prevention and detection of cybersecurity breaches significantly more difficult relative to other industries,” Robert Cole, senior research analyst for lodging and leisure travel at Phocuswright, said upon the report’s release.
Here’s what travel professionals need to know about cybersecurity risk and how specific technologies - some of which have been trending - are creating more risk, according to the new report.
What are hospitality’s cybersecurity risks?
A number of factors put the hospitality industry at risk when it comes to cybersecurity, as outlined in the Trustwave SpiderLabs report:
- An ever-changing workforce: A “seasonal and less sophisticated workforce” in hospitality means it’s hard to maintain consistent cybersecurity training.
- Users, guests: A constantly changing audience of users can strain a property’s bandwidth, while exposing its networks to attacks from bad actors.
- Work environment: Unlike office buildings, hotels are accessible to guests and others who could be responsible for a breach.
- Franchising: Because many hospitality brands are franchised, they can face additional security risks when franchisees adopt different business models, creating a lack of consistency in security.
How generative AI, LLMs could heighten risks
Given these inherent vulnerabilities in hospitality, new technologies that can be elemental in advancing the industry can also heighten existing risk levels.
Subscribe to our newsletter below
Artificial intelligence - including generative AI and large language models (LLMs) - has been the subject of many headlines pondering its place in travel’s future. And Trustwave SpiderLabs predicts it will only continue to become a larger part of the industry as chatbots and language translation methods are implemented to improve traveler experiences.
But generative AI has the capability to store a lot of information - and that includes data about guests. If exposed, that data could be used by cyber criminals to conduct identity theft and other crimes. LLMs make it easier to personalize those attacks.
Trustwave SpiderLabs advises taking on security tools or partners that can detect advanced phishing measures, vetting supply chains, monitoring any AI systems in use and implementing protocols internally to limit risk.
How contactless tech heightens risk
Like generative AI, contactless technology (i.e., mobile payment, mobile check-in, mobile reservations) has become increasingly popular post-pandemic.
With it comes a lot of stored data and the risk of a full system shutdown thanks to the interconnectedness of hospitality systems if cyber criminals make their way into a company’s system. Some of these attacks could come from phishing emails that carry malware.
Among the measures to mitigate risk, Trustwave SpiderLabs advises implementing evergreen security strategies, conducting vulnerability testing on a regular basis, making sure servers are behind a firewall and deactivating internet access if it’s not a priority for some devices.