Hoteliers' Major Concern Isn’t What You Think: Cyberattacks Are on the Rise

The travel and hospitality industry has readily embraced technological advancements. For instance, a recent survey conducted by ExtraHop featuring hundreds of cybersecurity and IT decision-makers in the sector revealed that nearly 92% of organizations have employees using generative AI tools. But despite the industry's enthusiasm for innovation, there is a problem. Many companies need a proper response to the ever-increasing threat of cyberattacks that accompany technological advancements.

Embracing emerging technologies can offer guests seamless experiences, such as streamlined check-ins, contactless payments and personalized services. However, adding new tech to enhance guest experience also increases a company’s surface area for attacks, and those attacks can result in data breaches that can lead to reputational damage. To mitigate these risks, hotels must invest in robust network security solutions like Network Detection and Response (NDR) and Intrusion Detection System (IDS). When used in tandem with tools like Endpoint Detection and Response (EDR), organizations can protect not only their data, but also the privacy and safety of their guests.

Ensuring Security Amid Emerging Technology

AI has the potential to improve security in the hospitality industry with the ability to quickly and efficiently identify potential threats, trends and predict cyberattacks. However, it’s a double-edged sword. Generative AI can also be used to improve phishing attacks as it can automate the creation of convincing, personalized messages with speed. To realize the benefits of AI while minimizing risks, hotels should adopt security tools that have strong threat modeling capabilities, continuous monitoring, and leverage the power of AI for greater precision.

NDR solutions provide a comprehensive view of all of an organization's assets across on-premises, cloud, remote sites, and distributed workforce environments. The network is the most powerful source of truth in cybersecurity, and network-based security solutions offer invaluable insight into potential threats and how attackers move within an environment. NDR solutions are able to detect suspicious activity in the network, whether it be from internal or external sources, with some offering AI-powered investigative workflows for quick response to these suspicious activities. With NDR, security teams gain a holistic view of network activities, and by integrating with other security tools like EDR, organizations can automate response to swiftly stop attacks before they become breaches.

Combining the power of NDR with IDS and intrusion prevention system (IPS) tools can also bolster an organization's network security. IDS solutions do a good job of monitoring north-south traffic — meaning they focus on traffic entering and exiting a network — and can detect a wide range of known threats. These capabilities make IDS tools a fine complementary technology to NDR, which excels at detecting anomalous behaviors and threats in east-west traffic. Another complementary tool is IPS, which often works together with IDS and NDR tools. IPS tools can identify known threats, and with the ability to block traffic from suspicious sources, they offer response options that go a step further than IDS. However, IPS tools are notorious for creating false alerts and generally lack the ability to reliably detect new and unknown threats. 

Security information and event management (SIEM) tools are found in almost every security operations center, and for good reason. They can gather data from several different sources — including NDR solutions — to offer a consolidated view of an organization's digital ecosystem. SIEM solutions can also detect security events and potential threats, providing security teams with early warnings. Where SIEM tools can struggle is in their reliance on logs, which lack the depth and context of information available in network packets, the primary data source for NDR. In parallel, user and entity behavior analytics (UEBA) solutions introduce another layer of defense by monitoring and analyzing user and system behavior patterns to identify anomalies that can indicate attacks in progress. UEBA tools are often combined with SIEMs, and many UEBA capabilities are also available as features in NDR solutions. 

Protecting Guests and Sensitive Data

To effectively prioritize guest safety while embracing cybersecurity in general, businesses in the hospitality industry also need a dynamic risk mitigation method that adapts to the evolving threat landscape.

To effectively manage cybersecurity risks, it is important to begin by conducting a comprehensive risk assessment that provides essential context for decision-making. This assessment should identify potential vulnerabilities within your network, systems, and processes, taking into account both internal and external threats, such as cyberattacks, insider risks, and human error. By automating response workflows using some of the solutions mentioned earlier, organizations can proactively intercept threats before they metastasize. To ensure a structured and strategic approach, it is recommended to align cybersecurity efforts with established frameworks and standards, such as the NIST Cybersecurity Framework or ISO 27001.

It's also imperative for hospitality brands to classify the data they collect and store, with a focus on safeguarding sensitive guest information, including critical personally identifiable information (PII). Robust encryption protocols and stringent access controls should be implemented to secure sensitive data against unauthorized access. It is also important to ensure compliance with data protection and privacy regulations such as GDPR or CCPA, depending on the operational location and guest demographics.

Brands should also regularly perform security audits and vulnerability assessments to unearth potential blind spots and weaknesses within cybersecurity infrastructure. To evaluate the organization's readiness, perform penetration testing to simulate cyberattacks. Create a comprehensive incident response plan that outlines precise procedures to follow in case of a security breach, including clear roles and responsibilities for managing incidents, along with established communication protocols. 

Lastly, prioritize ongoing cybersecurity training for employees, providing them with the necessary knowledge and tools to identify and report potential risks. Employees often serve as the first line of defense against cyber threats and play a vital role in maintaining the organization's security posture.

The travel and hospitality industry's journey towards innovation need not come at the expense of guest safety. By adopting a proactive approach to cybersecurity, hotels can safeguard their guests' personal information, protect their brand reputation, and ensure the seamless integration of emerging technologies.