October 25, 2016
Cyber Security
Chris Novak
With global cyberthreats that continue to increase in frequency and scale, the need for cybersecurity and resiliency is one of the most dominant issues facing hospitality companies and their boards of directors today. Protecting confidential customer information is critical to building a trusting relationship with customers and upholding a company’s brand.
So, what are some of the big cybersecurity issues keeping hospitality CIOs and CSOs up at night? Within the backdrop of Verizon’s Annual Data Breach Investigations Report, we’ll offer recommendations on how hoteliers and other hospitality organizations can strengthen security to better serve guests, including today’s highly digital and mobile consumer population.
How does this apply to hospitality specifically? According to Verizon’s research, the vast majority of security incidents across the hospitality industry involved point-of-sale (POS) intrusions (74 percent) and denial-of-service attacks (20 percent), with insider or privilege misuse accounting for the rest. POS intrusions, in fact, were the culprit behind many of the high-profile data breaches that affected major hospitality brands last year. And more concerning, many successful attacks used POS vendors as an entry point to gain access to customer data, meaning that it’s not enough to solely focus on your company’s assets.
WHO ARE THESE PERPETRATORS ANYWAY?
Organized crime rings, often originating in Eastern Europe, are commonly behind many of these attacks. Typically, these bad actors are highly knowledgeable in both POS and property management software environments. Smash-and-grab patterns target customer payment data, though other types of data are not immune. In the vast majority of successful breaches, the perpetrators used legitimate credentials to get into the POS environment and then installed malware to capture payment card data. And significantly, corporate-owned assets typically serve as pivot points between properties, so a single compromised headquarters system can reach every hotel on the network.
89% of confirmed breaches had a financial or espionage motive.
63% of confirmed breaches involved leveraging weak, default or stolen passwords.
30% of phishing messages were opened in 2015, and 12% of targets clicked on the malicious attachment or link.
CYBERSECURITY SNAPSHOT
Verizon’s Data Breach Investigations Report (DBIR) reflects incident data from contributing organizations across the globe. The 2016 DBIR provides insights based on more than 100,000 incidents, including 2,260 analyzed breaches from across 82 countries.
Chris Novak leads Verizon’s global security digital forensics practice and knows firsthand what’s happening on the frontlines of the battle to protect corporate assets and proprietary client data from cybercriminals. Additional cybersecurity information and resources are available at verizonenterprise.com.
©2016 Hospitality Upgrade
This work may not be reprinted, redistributed or repurposed without written consent.
For permission requests, call 678.802.5302 or email info@hospitalityupgrade.com.
==========
TO PROTECT AND DEFEND
To avoid falling victim to a damaging and often costly cyberattack, consider these recommendations for the three most common types of attacks on the hospitality industry:
Point-of-sale intrusions
Implement two-factor authentication: With 63 percent of confirmed breaches involving weak, default or stolen passwords, a password alone should not be enough to reach the POS environment, especially for remote and vendor access. Also, given that many attacks come through vendors, seek out partners that also use strong authentication.
Monitor and separate: Track who is using your POS systems – how and when – to confirm they are only being accessed by authorized personnel, from expected locations and at expected times. Also, segment the POS environment from the corporate LAN and keep its remote-access services off the public internet, so that neither a compromised corporate workstation nor an internet scan gives an attacker a path to card data.
Use application whitelisting: Allowing only approved programs to run on POS systems blocks the card-capturing malware that attackers install once they have a foothold, even when they arrive with valid credentials.
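The "monitor" half of the advice above is easy to state and rarely done. As an added example that is not from the article or from Verizon, here is a small checker that reads authentication lines from a POS remote-access gateway and flags the patterns the DBIR data points at: logins by accounts nobody approved, vendor logins from outside the vendor's known networks or outside the agreed maintenance window, and a success that follows a burst of failures (the signature of guessed or default credentials). The log format, the account names, the IP ranges and the maintenance window are all assumptions made for the example; the log lines are constructed, not real data.

```python
"""Flag suspicious logins to a POS environment from gateway access logs.

Assumptions (not from the article): the POS remote-access gateway writes one
line per authentication attempt in the form
    <ISO-8601 timestamp> user=<account> src=<ip> result=<success|failure>
and the property maintains a list of approved staff accounts plus, for each
vendor account, the source networks and maintenance window it may use.
"""
from collections import defaultdict
from datetime import datetime, time
from ipaddress import ip_address, ip_network
import re

LINE_RE = re.compile(
    r"^(?P<ts>\S+) user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<result>success|failure)$"
)

# Hypothetical roster for one property.
STAFF_ACCOUNTS = {"fd-manager", "night-audit"}
VENDOR_ACCOUNTS = {
    # account: (allowed source networks, maintenance window start, window end)
    "posvendor-svc": ([ip_network("203.0.113.0/24")], time(2, 0), time(5, 0)),
}
FAILURE_THRESHOLD = 3  # failures from one (user, source) before a success is suspicious


def parse(line):
    """Parse one gateway line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["ts"] = datetime.fromisoformat(ev["ts"])
    ev["src"] = ip_address(ev["src"])
    return ev


def in_window(t, start, end):
    """True if clock time t falls inside [start, end] (window must not cross midnight)."""
    return start <= t <= end


def analyze(lines):
    """Return a list of (timestamp, user, src, reason) findings, in log order."""
    findings = []
    failures = defaultdict(int)  # (user, src) -> failures since last success
    for line in lines:
        ev = parse(line)
        if ev is None:
            continue
        user, src, ts = ev["user"], ev["src"], ev["ts"]
        key = (user, src)
        if ev["result"] == "failure":
            failures[key] += 1
            continue
        # A success that follows a burst of failures looks like credential guessing.
        if failures[key] >= FAILURE_THRESHOLD:
            findings.append((ts, user, str(src),
                             f"success after {failures[key]} failures (guessed or default credentials?)"))
        failures[key] = 0
        if user in STAFF_ACCOUNTS:
            continue
        if user not in VENDOR_ACCOUNTS:
            findings.append((ts, user, str(src), "account not on approved list"))
            continue
        nets, start, end = VENDOR_ACCOUNTS[user]
        if not any(src in net for net in nets):
            findings.append((ts, user, str(src), "vendor login from unapproved source network"))
        if not in_window(ts.time(), start, end):
            findings.append((ts, user, str(src), "vendor login outside maintenance window"))
    return findings


# Constructed sample log: one normal vendor session, one staff login, then a
# failure burst from an unknown network followed by a late-night success, and
# finally a login by an account that is on nobody's roster.
SAMPLE_LOG = """
2016-10-14T03:10:05 user=posvendor-svc src=203.0.113.17 result=success
2016-10-14T09:45:12 user=fd-manager src=10.20.1.15 result=success
2016-10-15T22:31:40 user=posvendor-svc src=198.51.100.9 result=failure
2016-10-15T22:31:48 user=posvendor-svc src=198.51.100.9 result=failure
2016-10-15T22:31:55 user=posvendor-svc src=198.51.100.9 result=failure
2016-10-15T22:32:03 user=posvendor-svc src=198.51.100.9 result=success
2016-10-16T01:12:00 user=admin src=198.51.100.9 result=success
""".strip().splitlines()

if __name__ == "__main__":
    for ts, user, src, reason in analyze(SAMPLE_LOG):
        print(f"{ts.isoformat()} {user:<14} {src:<15} {reason}")
```

The first two sample lines produce nothing, the vendor success on October 15 produces three findings (failure burst, wrong network, wrong hour) and the `admin` login one more. In practice the roster and windows would come from the vendor contract and the change calendar rather than being hard-coded, and the gateway should be the only route into the segmented POS network so that these lines actually capture every login.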
Denial-of-service (DoS) attacks
Segregate key servers: Separate critical systems onto different network circuits.
Have a mitigation plan: Know the details of your DoS mitigation service. Brief key operations staff on the best course of action should an incident occur.
Test for gaps: Test and update your plan regularly as your infrastructure and processes change, and as new DoS techniques emerge.
Insider and privilege misuse
Monitor user behavior: Put processes in place to track daily system usage, particularly for anyone with access to financial account details or personally identifiable information (PII).
Track USB usage: Don't leave yourself in a position where you only find out after an employee has left the company that they took data with them.
Know your data: To protect your data, you need to know what data you have, where it is and who can access it. Where possible, restrict data access to those who really need it.
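"Track daily system usage" for the people who can see PII is the one item in this list that can be automated cheaply, because the guest-records application already knows how many records each account opened. As an added example that is not from the article or from Verizon, the script below takes a per-user, per-day audit summary, establishes each user's normal volume from their own recent history, and flags a day that is far above that baseline, any record access by an account that is not on the approved-access roster, and any removable-media mount on a day the account was active. The summary format, the roster, the thresholds and the log lines are all constructed for the example.

```python
"""Baseline each user's daily record-access volume and flag outliers and USB use.

Assumptions (not from the article): a nightly export aggregates the
guest-records audit log to one line per user per day, in the form
    <YYYY-MM-DD> user=<account> records_viewed=<n> usb_mounts=<n>
where usb_mounts comes from the endpoint agent on that user's workstation,
and HR maintains the list of accounts approved to view PII or card data.
"""
from collections import defaultdict
from statistics import median
import re

LINE_RE = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) user=(?P<user>\S+) "
    r"records_viewed=(?P<records>\d+) usb_mounts=(?P<usb>\d+)$"
)

PII_APPROVED = {"jsmith", "reservations-01"}  # hypothetical roster
BASELINE_DAYS = 5    # prior days used to compute a user's normal volume
SPIKE_FACTOR = 4     # flag a day at or above 4x the user's median
MIN_ABSOLUTE = 100   # ignore small spikes on near-zero baselines


def analyze(lines):
    """Return a list of (day, user, reason) findings, in log order."""
    history = defaultdict(list)  # user -> daily record counts seen so far
    findings = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        day, user = m["day"], m["user"]
        records, usb = int(m["records"]), int(m["usb"])

        # Access by an account that should not have it at all.
        if user not in PII_APPROVED and records > 0:
            findings.append((day, user,
                             f"{records} record(s) viewed by account without approved PII access"))

        # Removable media on a workstation that handles guest data.
        if usb > 0:
            findings.append((day, user, f"{usb} removable-media mount(s) on an active day"))

        # Volume far above this user's own recent median.
        prior = history[user]
        if len(prior) >= BASELINE_DAYS:
            base = median(prior[-BASELINE_DAYS:])
            if records >= MIN_ABSOLUTE and records >= SPIKE_FACTOR * max(base, 1):
                findings.append((day, user,
                                 f"{records} records viewed vs. median {base:.0f} over prior {BASELINE_DAYS} days"))
        prior.append(records)
    return findings


# Constructed sample: five ordinary days for jsmith, then a day with a 15x
# spike and a USB stick, plus a contractor account that was never approved.
SAMPLE_LOG = """
2016-10-10 user=jsmith records_viewed=38 usb_mounts=0
2016-10-11 user=jsmith records_viewed=42 usb_mounts=0
2016-10-12 user=jsmith records_viewed=35 usb_mounts=0
2016-10-13 user=jsmith records_viewed=44 usb_mounts=0
2016-10-14 user=jsmith records_viewed=40 usb_mounts=0
2016-10-17 user=jsmith records_viewed=612 usb_mounts=1
2016-10-17 user=contractor-x records_viewed=15 usb_mounts=0
""".strip().splitlines()

if __name__ == "__main__":
    for day, user, reason in analyze(SAMPLE_LOG):
        print(f"{day} {user:<14} {reason}")
```

The per-user median is deliberately used instead of a fleet-wide average: a reservations desk legitimately opens hundreds of records a day, while a night auditor opens a handful, so one global threshold would either drown the desk in alerts or miss the auditor entirely. The three findings the sample produces (USB mount, volume spike, unapproved account) are the kind of items the "know your data" review should feed back into the roster and the access rules.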