How Can Hotels Protect Against Cyberattacks?
Cybersecurity experts believe that 3 out of 4 hotels are vulnerable to cyberattacks. Hotels are appealing targets to cyber criminals due to the large number of transactions processed daily. These transactions require the use of personal information including passport numbers, email addresses and payment information. Cybercriminals are also becoming more sophisticated and are developing new methods to infiltrate hotel networks.
Many hotels and businesses currently face a host of cyber threats, including phishing attacks, spoofing attacks, ransomware attacks and distributed denial of service (DDoS) attacks. These types of attacks not only cause a major disruption of hotel operations, but they can also result in thousands of dollars in lawsuits, fines, and the cost to recover data. Cybercriminals have the ability to target hotels across the globe without even being in the same geographical location.
2022 Verizon Data Breach Investigation Report Analysis
The 2022 Verizon Data Breach Investigation Report for the retail, hospitality, and travel sectors, found that the most common types of cyber-attack methods were stolen credentials, ransomware and phishing attacks. These cyber-attacks targeted payment data, personally identifiable information, credentials, and intellectual property. The majority of cyber-attacks resulted from employee error, 82% of incidents resulted from employees clicking on phishing links or failing to follow standards which resulted in the compromising of the business email. 73% of breaches were executed externally, 18% were executed internally and 39% of attacks originated with third-party vendors. With cyberattacks becoming more prevalent, how can hotels work to prevent them?
Cyber-Attacks are Costly
According to IBM’s Cost of Data Breach Report for 2022, data breach costs increased by 13% from 2020 to 2022. 83% of businesses studied have had more than one data breach, 60% of businesses that experienced data breaches resulted in increase in prices that were passed on to customers. The average data breach in the U.S. cost over twice as much as the global average, costing $5.09 million more than the global average. The average cost of data breaches in the U.S. is $9.44 million compared to $4.45 million for the global average. In 2021 the total cost for a data breach in the Hospitality Industry was $3.03 million.
Cyber Threats Faced by Hotels
Phishing Attacks
According to Verizon’s Data Breach Report , 94% of malware were delivered to computers through email. Phishing attacks send emails to trick users into clicking on links or opening attachments. These emails are designed to mimic legitimate emails sent out by coworkers or by management, they can potentially corrupt your software or hotel network.
Ransomware Attacks
Ransomware attacks are the most common method used by cybercriminals, it involves using malware to infect computers or mobile devices and restricts access to files. Most cybercriminals will threaten the permanent destruction of data or threaten to expose information unless a specified amount is paid. Ransomware breaches have increased from 7.8% of breaches in the 2021 to 11% in 2022 and the average cost to recover from a ransomware attack is 4.54 million. Only 8% of businesses fully recovered their data after paying a ransom.
How can Hotels Prevent Cyber-Attacks?
Training
82% of incidents resulted from human error, and these errors were split between clicking on phish links and failing to follow standards which resulted in the compromising of business email. Phishing attacks send emails to trick users into clicking on links or opening attachments. These emails are designed to mimic legitimate emails sent out by coworkers or by management, they can potentially corrupt your software or hotel network. Security protocols need to be put in place to properly ensure that staff are trained on how to handle customer information and how to spot potential cyber threats that could result in a security breach. Training employees reduce data breach costs by $247,758.
Protection for Remote Workers
The pandemic resulted in an increase in remote work, remote hotel workers use their personal computers daily and hotels need to ensure that a virtual private network (VPN) is established in order to protect against possible cyber threats. The remote workforce cost $152,465 in data breach charges for businesses.
Investment in Cybersecurity
There are numerous cyber threats being faced by the Hotel Industry and it is essential that hotels invest in a hotel cyber security system that protects their businesses. Hotels can begin by ensuring that they are in compliance with Payment Card Industry Data Security Standards (PCI-DSS) in order to protect their data and also to prevent penalties in the event of a data breach. Compliance failures resulted in $258,293 costs for businesses that failed to meet standards. Most IT leaders recommend using enterprise-grade providers in order to secure point-of-sale systems and property management systems. Hotels will need to find providers that ensure that they are in compliance with the standards required and that they are being monitored for internal and external cyber-attacks.
Cyber Insurance Policies
The U.S. experiences the highest security data breach costs, with an average of $9.44 million per event. There are numerous cyber risks that hotels need to prepare for, and it is expensive to fully recover from a cyberattack, cyber insurance policies can ensure that hotels know how to properly respond to a cyberattack. Hotels can secure coverage for legal expenses, fines, loss of income and credit monitoring, insurance protection can help hotels to reduce data breach costs by $240,488.