Breach of information systems at hotels and motels, particularly large chains, is becoming a huge problem that highlights the importance of hospitality industry cybersecurity.
The two primary reasons why hackers are increasingly targeting hotel databases:
Threatcare enables companies in the hospitality industry to validate their security through proactive cyber defense. Threatcare, an Austin-based cybersecurity SaaS company, believes that all organizations have a right to know if they’re protected. The Threatcare Suite contains a BAS technology, offering breach and attack simulations so organizations can continuously validate that their defense in depth is working.
In January 2017, The New York Times reported that hackers breached the electronic key system at the Romantik Seehotel Jaegerwirt, in Austria, and locked guests out of their rooms. It was a ransomware attack; the hackers demanded a payment of around $1,800 USD to unlock the rooms, which the hotel management gladly handed over.
Hotel databases hold a great deal of customer financial information; since most rooms these days are reserved by credit or debit card, that information is stored in a hotel’s customer database. Hackers who breach those systems can download the information and help themselves to bank accounts.
There are other instances of data compromise within hotel information systems. For example, sometimes automobile information or Social Security numbers are associated with customer check-in data as well. Also, hotels increasingly have additional customer data including contact details, travel plans, air miles, birthdays, personal preferences and other bits of information that can be exploited, ranging from fraud to extortion.
Worse, in many instances, even information systems at top hotel chains are inadequate.
Oftentimes hotels, like other industries, focus more (and spend more) on regulatory compliance than they do security, so their systems remain vulnerable even to average hackers.
One way to mitigate hotel information systems vulnerability is to regularly conduct information system security audits using Threatcare.
Also, cyber experts say that hotels, and other retailers, should upgrade their credit card systems to the chip-enabled processing. While not completely foolproof, such systems are definitely safer because they provide added measures of security and data protection. Another potential security measure that hotels should consider in the future is biometric technology for employees, using fingerprints and/or facial scans to restrict access to sensitive data.