Security Experts Collaborate to Minimize Impact of Breach

10/13/2016
In the aftermath of a security breach, time is of the essence. Top priorities include: understanding the nature and scope of the breach, consulting with experts, and preparing and enacting a plan to minimize the impact and make whole those systems and individuals affected.

In theory, that sounds good, but the reality is that the time following the discovery of a breach can be trying — and expensive. Real information can be hard to come by, and calling on the most trusted experts gets expensive, fast.

After news of a breach at a major POS system provider broke in early August, many hotel security chiefs found themselves enduring all of that misery.

For members of HTNG’s CISO (Chief Information Security Officer) Forum, that pain and uncertainty diminished much more quickly than it did for others.

Here are five reasons why:
  1. Within three hours of the news breaking, 22 members were on a conference line sharing information and ideas for response.
  2. Each day afterward for many days, the group continued to meet to discuss developments.
  3. On day three, Brian Krebs joined the call to share his expertise — three hours of access that would otherwise be very costly, or out of reach, for many hotels.
  4. The daily calls also included other carefully selected experts from the vendor community lending their insights and advice.
  5. Leaders from top retail and restaurant associations — two industries also heavily affected by the breach — dialed in to join in the collaboration.

“They were able to coalesce around a common plan,” says Mike Blake, CEO of HTNG. “There is strength in numbers in the ability to come up with a solution.” This includes the ability to validate current plans with peers. Solutions can typically be produced faster using this approach than they can by operating in a vacuum. CISO members have a built-in network of colleagues they can rely on, just a phone call away.

The group’s efforts helped participating hotels come up with best practices for responding, such as how to communicate the news to frontline employees and, in turn, how those employees should respond to guest inquiries, as well as checklists of places to look for possible impact.

The CISO Forum, a hotelier-only group, first came together in mid-2014. Several hotel Chief Information Security Officers had asked for an opportunity to confidentially share information about security threats, best practices, security management, and solutions. The Forum addresses both physical and logical security.

“HTNG’s CISO forum is the hospitality security professional’s opportunity to meet with peers, discuss security trends, and share important information in a private setting,” says Jason Stead, VP, Enterprise Security, Privacy & Corporate IT at Choice Hotels International. “The forum helps organizations address threats that affect hotel and guest safety.”

CISO members all sign non-disclosure agreements, which increases their freedom to share ideas candidly and the impact that better solutions have in service. In addition to responding in extraordinary circumstances, the CISO Forum meets at least twice a year to discuss trends, best practices and insights. It also maintains a listserv for rapid communication on emerging or evolving threats and conducts regular surveys of its members on key issues. New members are welcome and encouraged: Contact [email protected].

The sad reality is that security breaches are not about if, they are about when. “This is not a place to compete,” says Blake. “We don’t gain anything by being better than someone else. This is all about collectively doing the best we can as an industry to fight a very well capitalized opponent.”