HospitalityBiz India
Hotels FoodService Operations Ministry Associations Equipment Editorial HR Technology Technology Advisory Board Community
Follow us on Facebook Follow us on Twitter instagram
    Home > Expert Speak

Cybersecurity in Hospitality: An Unsolvable Problem?

By Nirmal Kumar,VP Sales – South, East & SAARC, Paladion Networks

Wednesday, June 27, 2018, 11:01 Hrs  [IST]

In recent years, high-profile breaches of major hospitality companies have made several headlines. Between 2015-2018, the following hospitality companies suffered substantial breaches:

  • Mandarin Oriental Hotel Group
  • Trump Hotel Collection
  • Starwood Hotels & Resorts Worldwide
  • Hilton
  • Hyatt Hotels Corporation
  • Hard Rock Hotel & Casino Las Vegas
  • Omni Hotels & Resorts
  • Intercontinental Hotels Groups
  • ...among many more
Why has the hospitality industry quickly become one of the top-5 most-breached industries?
While hospitality companies have fewer transactions than retail organisations — and thus have data on fewer customers to steal — they collect substantially more valuable and varied personal data for each of their guests. Hotels — especially high-end hotels — collect substantial personal information on their guests to give them a more personalised stay. In addition, hotels often share partnerships with other local companies that their guests may frequent (from restaurants to local entertainment options), giving hotels even more expansive profiles on each guest in their database.

In short, hotels collect and store much more information on each of their guest than simply their name and credit card information. This rich personal data is invaluable to cybercriminals. They can use this data to better impersonate each breached customer, leading to additional identity theft and social engineering attacks against each individuals’ company. By enabling further attacks, breaching a hotel provides cybercriminals much more value than breaching a company in almost any other industry.

However, there is one other reason why hospitality companies are being breached so often. Simply put, they are relatively easy to breach for a few key structural reasons.

The Challenges of Hospitality Cybersecurity
Hotels have transformed into complex, widely interconnected digital environments. Hospitality companies are competing to see who can give their customers the most innovative digital experience. Nearly every hotel now offers their guests dedicated mobile apps, and new digital partnerships with sponsors, travel companies, and other related hospitality and entertainment companies.

But even before hotels began to attempt to excel at digital innovation, the core functionality and structure of most hospitality companies makes them particularly vulnerable to cyber-attacks. Hotels run a massive number of endpoints and remote connections. HVAC controls, wifi systems, alarms, and electronic doors are all common digital features in modern hotels, and each provides cybercriminals with entry points into a hotel’s network. In every hospitality company, each individual regional hotel is directly connected to the company’s entire national (or global) network— which means only one small regional hotel needs to be breached to compromise the entire company.

A hospitality company’s vulnerability to a single point of failure is a massive weakness. Only one employee at one hotel needs to make one mistake to create a global crisis. And these failure points are likely. Hotel computer systems are in constant use from countless terminals. Most of the employees who interface with computers at hotels are not IT employees, nor are they trained to act sensitively to cybersecurity concerns. Many hotels utilise legacy systems, and even modern systems are rarely patched, updated, and protected.

And here’s the really bad news: even if a hotel runs their own networks perfectly, they cannot control one of their many external vendors. And most recent large-scale hotel breaches were not caused by any specific mistake made by the hotel—they were caused by cybercriminals breaching the hotel’s Point of Sale (POS) system.

When you consider the value of data hotels collect, and their high level of vulnerability to breaches, it’s no surprise that the hospitality industry is under siege. But despite these challenges, hospitality companies can take specific actions to quickly secure themselves.

How Hotels Can Protect Their Networks
If a hospitality company wants to secure themselves, they have to take a very specific first step: they have to accept that they will be breached. There are too many factors out of their control. Too many locations and digital entry points. Too many systems in constant use by individuals with too little training. Too many external vendors providing critical partnerships and functionality.

Hospitality companies still need to modernise their infrastructure, train their staff, and hold their partners accountable. But they also need to take proactive measures to ensure their inevitable upcoming breaches will not put them in the news due to their slow response, lost revenue, and damaged reputation. From our experience as a cybersecurity provider, the only way to prevent damage in today’s digital environments is to shift focus away from perimeter defence, and onto taking every measure possible to detect and respond to successful attacks as quickly as they occur!

(Paladion Networks is a Global IT security service provider and a specialised partner for information risk management providing end-to-end services and solutions in Asia, the US, and the Middle East. Paladion is rated as the largest pure-play Information Risk Management partner in Asia. For over 15 years, Paladion has been actively managing information risks for over 700 clients across the world.)

The views expressed within this column are the opinion of the author, and may not necessarily be endorsed by the publication.

Print News Email News Back
Bookmark to Add to NewsvineNewsvine Bookmark with Digg ItDigg
Add RSS to Add to Google Add to My Yahoo! Subscribe with Bloglines Subscribe
* Name :    
* Email :    
* Message :  
»  Lords Hotels and Resorts appoints Ravi Kumar - Regional Sales Manager, Hyderabad
»  The Leela Palaces, Hotels and Resorts announces the appointment of Megha Ajgaonkar as General Manager – Sales
»  Beam Suntory First-Half Sales Rise 12% on Strong Demand for Premium Brands and On-Premise Recovery
»  Click Hotels by Suba appoints Rajan Kalra as Director of Sales
»  The Westin Hyderabad Mindspace appoints Deepak Verma as Director of Sales and Marketing
»  Radisson Blu Resort Dharamshala appoints Siddharth Shanker Giri as Director of Sales
»  Pullman & Novotel New Delhi Aerocity appoints Pavan Kumar as the Director of Sales and Marketing
»  Hyatt Place Gurgaon appoints Swati Arora as Director of Sales
»  Lords Hotels and Resorts appoints Ashutosh Vaidya as General Manager – Sales at Corporate Office, Mumbai
» launches free ‘Digital Starter Kits’ to help restaurants generate more sales
»  DoubleTree by Hilton Pune- Chinchwad appoints Debopriyo Guha as Director of Sales
»  Mercure Hyderabad KCP appoints Shrutika Shankar as Associate Director of Sales
»  Fairmont Jaipur appoints Indu Khatri as Deputy Director Sales & Marketing
»  Novotel Ahmedabad appoints Aditi Pal as Director of Sales & Marketing
»  Sarover Hotels appoints new regional sales manager
»  Wineries to reduce crushing capacity, as wine sales goes down
»  Holiday Inn Express appoints Kiran Challoju as the Portfolio Director of Sales and Marketing
»  Sayaji Hotel appoints Sudeep Mukherjee as the new ‘Market Director of Sales - Indore’
»  Marriott partners with Grab in six Southeast Asian countries
  The Indian Institute of Architects (IIA) Natcon 2020 virtual event concludes successfully
  Winners of The Park Elle Décor Student Contest felicitated at Indian Design ID 2020
Receive the best of Hospitality content in your mailbox.
Weekly e-Newsletter
Events Calendar

© Copyright 2016 Saffron Synergies Pvt Ltd