Hacking Hospitality: State of the Industry & How to Brace for Breaches

As one of the top five industries breached each year, the hospitality segment represents a juicy target for attackers. Because hospitality IT systems are often complex, overlapping, and interconnected, what might start as a small initial foothold can quickly expand or migrate to critical business services. When compared to the second half of last year, 2017 has seen a 13 percent increase in data breaches and a 164 percent increase in stolen, lost or compromised records.

Most of the attacks directed against hospitality originate from cyber criminals, not nation states, and as a result, the driving factor behind them is financial gain. The complex nature of hospitality networks means that both corporate networks and point-of-sale (PoS) systems are targeted. This past year, successful breaches were approximately a 70/30 split. By successfully attacking these systems in 2017, hackers were able to compromise companies such as InterContinental Hotels Group, Sabre Hospitality Solutions and Hyatt Hotels. Attacks targeting large corporations such as these ultimately affect thousands of hotels (the Hard Rock, Four Seasons and Trump Hotels chains were all affected by the Sabre incident) and typically cross international borders, making responses more difficult to coordinate.

Cybercriminals targeting hospitality traditionally have two methods to capitalize on a successful breach: theft of payment data and ransom of business data. No solution is foolproof, but to minimize the likelihood of a successful attack, and mitigate the effects should one occur, the following are some things to keep in mind: 

  • First, segregate your network. This means using firewalls and other networking devices to ensure that systems can only talk to other systems for which there is a business purpose.
  • Second, ensure that you maintain the most up-to-date software and patches.
  • Third, create strong passwords for business systems and change them often; additionally, implement two-factor authentication where possible to prevent credential abuse.
  • Next, protect sensitive data in motion and at rest. Ensure that all sensitive information is transmitted and stored using encryption.
  • And finally, while discussing storage, ensure that a data backup and restoration policy exists for your company. This will greatly minimize the effects of any successful ransomware attacks.
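
As a way to check the first item, the sketch below audits observed network flows against a list of flows that have a documented business purpose. It is an added example, not code from the original article; the zone names, subnets, ports and flow records are all constructed assumptions.

```python
import ipaddress

# Assumed zone layout for one hotel property (constructed for this example).
ZONES = {
    "guest_wifi": ipaddress.ip_network("10.10.0.0/16"),
    "pos":        ipaddress.ip_network("10.20.0.0/24"),
    "corporate":  ipaddress.ip_network("10.30.0.0/24"),
    "payment_gw": ipaddress.ip_network("10.40.0.0/28"),
}

# Flows with a recorded business purpose: (source zone, destination zone, port).
ALLOWED = {
    ("pos", "payment_gw", 443),   # card authorisation
    ("corporate", "pos", 8443),   # PoS management console
}

# Constructed flow records, one per line: "src_ip dst_ip dst_port".
SAMPLE_FLOWS = """\
10.20.0.15 10.40.0.2 443
10.30.0.7 10.20.0.15 8443
10.10.3.44 10.20.0.15 445
10.20.0.15 10.30.0.9 3389
10.20.0.16 10.20.0.15 5900
10.20.0.15 203.0.113.50 443
"""

def zone_of(ip):
    """Map an address to its zone; anything unlisted counts as external."""
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "external"

def audit(flow_text):
    """Return cross-zone flows that are not on the business-purpose list."""
    violations = []
    for line in flow_text.splitlines():
        try:
            src, dst, port = line.split()
            flow = (zone_of(src), zone_of(dst), int(port))
        except ValueError:
            continue  # skip blank or malformed records
        # Traffic inside one zone is outside the scope of this check.
        if flow[0] != flow[1] and flow not in ALLOWED:
            violations.append(flow + (src, dst))
    return violations

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("no business purpose on record: %s -> %s port %d (%s -> %s)" % v)
```

Each reported flow is either a firewall rule to tighten or a business purpose that still needs to be written down.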

What do you do if, despite your best efforts, an attacker successfully breaches your network? Whole books have been devoted to this subject, but the overarching responses should generally include the following:

  • Designate a group to respond to the breach. Establishing this group will allow for streamlined communication to top managers in the organization to enable quick decision making.
  • Identify the cause of the breach and affected systems to contain the breach. Containment should include resetting passwords for accounts that may have been compromised, blocking access for systems that are known or suspected to have been affected, and patching systems to prevent re-exploitation. This containment also needs to be done in such a way that it doesn’t negatively impact any forensic investigations that may occur.
  • After the bleeding has stopped, it’s important to determine the full extent of the breach, what information and accounts were affected, etc. This information will be needed to enable you to properly notify the affected parties and to identify gaps in processes or procedures that need improvement to prevent future breaches.

In the event of a ransomware attack on your systems, there are a few additional things to keep in mind. First, don’t pay the ransom. Doing so only encourages future ransomware attacks and provides no guarantee that you will recover your data. If you have a data backup and recovery plan implemented, you will be able to restore the lost data anyway, and if you were securely encrypting data in transit and at rest, then the attacker might have the data, but they shouldn’t be able to use it.

The complexities around security and data protection are real and won’t become easier any time soon. Therefore OpenKey, creator of the universal standard for mobile keyless hotel access, entrusts Armor as their go-to cloud security team.

Remember, you are not alone. Third-party security services like Armor were founded for this very reason. We are dedicated to fighting against hackers and those who wish to do harm, and want to ensure the protection and security of your most valuable data. To learn more about how we protect customers, visit: https://www.armor.com/extend-security-team/

For additional resources, check out our joint infographics with customer OpenKey and collaborator Venza:

2017 Hasn’t Been Easy

Top 5 Industries Breached
