In TrustWave’s 2019 Global Security Report, it emerged that hotels and other hospitality companies are increasingly a target. The report disclosed statistics on common cyber targets and attack methods for different industries. Meanwhile, PwC’s Hotels Outlook Report 2018-2022 said that hospitality accounts for the second-most attacked industry, after retail.

What kind of data breaches do hotels face?

Drilling down into TrustWave’s figures, 30% of cyber attacks on hospitality companies are targeting card track data. This is because hotels routinely collect card swipe data from consumers, and this financial data is a treasure trove that hackers want to reap.

Hackers are known to target different types of data from different industries. For instance, retailers are most often targeted for e-commerce data. To hack into these different categories of data, hackers are using unique strategies.

“It’s very worthwhile for companies to educate themselves about what kind of cyber attacks are most frequent in their industry,” said Simon Whittaker, cyber security director at Vertical Structure. “Awareness is the first step to protecting your data.”

Cloud-based data held by hotels is a target for cyber attack

When it comes to hotels and other players in the hospitality industry, many attacks are targeting data that’s held within the cloud. Nearly one-third (29%) of attacks on hospitality organisations are targeting their cloud systems – representing more cloud-based attacks than in any other sector.

“Clearly, according to TrustWave’s findings, hospitality companies need to be more vigilant about cloud-based security than organisations in any other industry,” said Simon Whittaker. “This is based on hard data found by TrustWave, but it mirrors what we are seeing in the market.”

[Source: TrustWave Global Security Report 2019]

The hospitality industry was third on TrustWave’s list of most hacked industries, with 10% of attacks – just behind finance at 11%. The overall most attacked industry, retail, accounted for 18% of recorded security breaches.

Cloud-based attacks aren’t the only type of breaches that hospitality companies face – 29% of attacks are on their internal/corporate networks and another 28% of attacks are at the point of sale (POS).

Marriott may be the first in a trend

The most highly-publicized recent breach on a hotel was Marriott – resulting in the ICO’s intention to fine Marriott £99m and prompting several class-action lawsuits in the US. In that attack, according to Forbes, hackers had installed a “Remote Access Trojan (RAT), which allows hackers to covertly access, surveil and gain control over a computer”.

Reputation damage and share price volatility are just two of the side effects that a breached organisation may face.

“There are great advantages to using cloud infrastructure, but the responsibility still rests on the company to ensure its online assets are protected – in particular, in protecting citizens’ private data,” said Simon. “The regulators have demonstrated that they will pursue instances of data breaches, even when a company has been a victim of a crime.”

Vertical Structure always advises companies to keep their cloud infrastructure secure through monitoring, testing and training. The company’s “Prepare, Protect, Persist™” approach means that companies need to prepare for cyber security protection with human-centric consultancy, protect their online assets with penetration testing, and persist at the task by ensuring their employees are trained in cyber security issues.