Winter 2024

view the digital EDITION
by
Christopher R. Wilder
Jan 20, 2025

Technology and Trust: A Cybersecurity Veteran’s View of What’s Next in Security

For over two decades, I have had the privilege of standing at the intersection of technology and trust, navigating the complex realm of cybersecurity across various industries. However, few sectors are as uniquely challenging as hospitality, not only because of the rapid pace of innovation but also due to the high stakes involved: one breakthrough can enhance a brand's reputation, while one breach can severely damage it.

Tech Trend Predictions for 2025
Publisher's Letter
Outlook for 2025
Five Hospitality Technology Predictions for 2025
Technology and Trust: A Cybersecurity Veteran’s View of What’s Next in Security
The Game-Changing Influence of AI on the Hotel Tech Ecosystem
The USALI 12th Revised Edition, An Expert Overview of Updates
Corporate Digital Responsibility Code of Conduct Pillars of Effectiveness
Overview from the 2024 HFTP Compensation and Benefits Survey
Remembering Mr. Harris Rosen

Technology and Trust: A Cybersecurity Veteran’s View of What’s Next in Security

by
Christopher R. Wilder
Jan 20, 2025
Cybersecurity
Share

For over two decades, I have had the privilege of standing at the intersection of technology and trust, navigating the complex realm of cybersecurity across various industries. However, few sectors are as uniquely challenging as hospitality, not only because of the rapid pace of innovation but also due to the high stakes involved: one breakthrough can enhance a brand's reputation, while one breach can severely damage it.

The hospitality industry thrives on seamless, memorable guest experiences. From IoT-enabled smart rooms to AI-driven personalization, technology transforms how we welcome, serve, and delight customers. But if not implemented and secured carefully, this technology can become the Achilles' heel of even the most renowned brands. Allow me to share insights drawn from experience and offer a battle tested vision for how successful IT and security teams achieve that delicate balance between innovation and vigilance.

Lessons from the Field:

The Early Morning Wake-Up Call No One Wanted

My team and I conducted a red-team exercise for a major casino several years ago. A red-team operation involves simulating a cyber and physical attack to evaluate an organization's defenses and, more importantly, gauge how its security team responds. The goal is to identify vulnerabilities and understand the team's readiness to defend itself. In over 20 years of conducting these operations, I've never been detected.

Within minutes of starting and a day early, we found a flaw in the casino's smart TV systems. What began as a minor oversight turned into full access to the network. By the time we were done - just 11 minutes later - we had total control of all their critical systems, including the cash rooms and slot machines, and we even created a master key to the entire operation. The casino's security team didn't even realize we were there.

The casino incident wasn’t an isolated event. At a well-known hacking conference in Las Vegas, a group of competitive (alleged white hat) hackers started one-upping each other at a bar, testing their skills on the casino's systems. What began as a game escalated into chaos when the lights went out, and the slot machines fell silent, leading to hundreds of thousands of dollars in lost revenue. These examples underscore a grim reality; often overlooked systems and technological vulnerabilities frequently make way for catastrophic breaches in the hospitality industry.

The Journey of a Successful IT and Security Team

Achieving success in hospitality IT and security operations starts with recognizing that each piece of technology, whether a smart thermostat, a robotic butler, or a guest's digital room key, can be both an asset and a potential liability.

Wrapping it Up: A Vision for the Future


Reflecting on my cybersecurity experiences, one lesson stands out: technology is neither inherently good nor bad. Its impact depends entirely on how it's implemented and managed. Successful hospitality IT and security teams understand this. They approach technology with ambition and caution, seeking to innovate while protecting what matters most: guest trust and operational integrity.

The road ahead requires a clear vision and steady hands. With the right strategies, hospitality leaders can turn today's challenges into tomorrow's opportunities, delivering memorable and secure experiences for their customers, partners, employees and the community.

Here's how effective teams turn this challenge into an opportunity.

Building a Foundation for Cyber Hygiene

Every effective IT and security team begins with the fundamentals in IT, sports, or the military. Every team should start with the fundamentals, and cyber is no different. It serves as the foundation for more advanced strategies. Implementing regular software updates, multi-factor authentication, strong password protocols, and comprehensive vulnerability scans are all vital practices.

Training is equally important. Teams that consistently educate employees—from housekeeping staff to senior managers— on recognizing phishing attempts and suspicious activities create a human firewall that complements technical defenses. Vendors and contractors aren’t exempt; they must also adhere to rigorous security standards, which are non-negotiable.

Leverage IoT and Automation Responsibly


The allure of IoT and automation is undeniable. These technologies optimize energy consumption, automate routine tasks, and enhance the guest experience with personalized touches. However, each connected device serves as a potential entry point for cybercriminals.
Effective teams encrypt IoT devices, ensure the firmware is regularly updated, and integrate systems into a central monitoring platform. They conduct penetration and red team tests to uncover vulnerabilities before bad actors exploit them and empower staff with tools to address anomalies quickly. Also cyber range training is recommended to improve your team’s situational awareness in the event of an attack.

Secure Digital Keys and Contactless Systems – The Silent Threats

Contactless technology is here to stay. It enables guests to bypass the front desk and use their smartphones to unlock rooms. However, these systems are prime targets for devices like the Flipper Zero, which can clone keys, steal credit card numbers, turn systems on and off, exploit poorly secured connections, and can be purchased off the shelf for less than $200 US.

To counteract this, successful teams implement dynamic encryption and biometric authentication. They also educate guests about protecting their digital interactions, turning potential weaknesses into moments to build trust.

Personalize Guest Experiences with AI: Data Protection Policies are a Must!

Unless you’ve been under a rock for the past two years, AI is a game-changer in hospitality, enabling hyper-personalized services that delight guests and drive loyalty. However, personalization requires handling large amounts of sensitive data.

Leading teams create strong policies for data classification, retention, and purging. They encrypt guest data at every stage and ensure that only authorized personnel can access it. Combining AI innovation with robust data governance enhances the guest experience while protecting privacy.

Anticipate and Defend Against the Scourge of Ransomware

Ransomware attacks can cripple operations and destroy reputations. The best-prepared teams know this and sadly, most don’t take proactive measures.
Proactive teams maintain offline backups, enforce access controls, and use AI-driven cybersecurity tools to detect and neutralize threats in real time. Regularly rehearsing incident response plans ensures that if an attack occurs, the team can act swiftly to minimize disruption. Cyber range training and threat intelligence platforms are always good investments.

The hospitality industry also poses new challenges regarding governance, risk and compliance (GRC) requirements. Many jurisdictions now mandate the disclosure of breaches within specific timeframes, often as short as 72 hours. Non-compliance can result in regulatory fines and a loss of public trust. Successful teams stay proactive by developing breach disclosure protocols and collaborating closely with legal advisors to meet these evolving requirements. For management, know the requirements and comply with the law.

The Human Element: Address Broader Risks, Like Human Trafficking

The transient nature of hospitality makes it susceptible to illicit activities such as human trafficking. Technology can play a crucial role in prevention. Effective teams deploy AI- powered surveillance systems and behavioral analytics to detect suspicious patterns. They also train employees to recognize red flags and partner with law enforcement and NGOs to address these risks comprehensively.

Sci-Fi Meets Reality: Harness Robotics and Drones for Security

Robots and drones enhance security by patrolling perimeters, monitoring large properties, and delivering items safely. They complement human teams rather than replace them.

Geofencing, tamper-resistant designs, and centralized oversight are essential for maintaining the security and effectiveness of these technologies.

Manage Third-Party Risk: It’s About the Knowns and Unknowns

One often overlooked area in hospitality cybersecurity is third-party risk management (TPRM). Vendors and partners frequently access sensitive data or systems, making them potentially weak links in your security chain. Alarmingly, nearly 80% of the ransomware negotiations I conduct today arise from breaches involving third-party vendors. I know this because I have likely negotiated a ransomware attack for your competitors and data partners. Guess what? Your data has a 95% chance of being exfiltrated if you experience a breach.

Effective teams consistently monitor and evaluate third-party partners. They implement strict data-sharing protocols, limit access to sensitive systems, and ensure that partners adhere to the same cybersecurity standards as the organization. Proactive TPRM strategies help to address these commonly exploited vulnerabilities.

Foster Community Relationships

Security goes beyond technology, especially in remote or budget properties. Building relationships with local law enforcement, hiring local staff, and engaging with community leaders can enhance situational awareness and response capabilities. Affordable tools like motion sensors and solar-powered cameras complement this community-driven approach.

Christopher “CW” Wilder has more than 25 years of expertise in intelligence and technology. A Desert Storm veteran, he served in the US Navy, working with intelligence, law enforcement, and special operations to combat drug cartels, terrorists, and criminal networks in Central America and the Middle East. After his military service, CW continues to work with the US State Department, intelligence agencies, law enforcement, and the Department of Defense to apply technology and tactics in support of initiatives against drug interdiction, anti-poaching, and human trafficking worldwide.

ARTICLES BY THE SAME AUTHOR

Let's Get Digital

7 Questions to Ask Before You Invest in a Hotel Mobile App

DOWNLOAD

Make a Better PMS Choice!

Not all properties are ready for PMS in the cloud. The good news is, at Agilysys it’s your choice on your timing. State-of-the-art leading PMS in the cloud or on-premise PMS. Either way we say YES.

DOWNLOAD
THE LATEST HOTEL, BOUTIQUE, CRUISE, GAMING AND HOSPITALITY TECHNOLOGY NEWS AND TRENDS
Phone: 678.802.5300
Address: 7301 Ranch Road 620 N, Ste 155-193, Austin, TX USA 78726-4537
© 2024 Hospitality Upgrade. All rights reserved.

BROWSE

WHO WE AREEventsNewsVendorsMagazineTech TalkContact us

Our Events

Keep Up to Date on All Latest Industry News

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.