Tech Talk

Recent posts

Definitely Doug 11/17/23: The Hotel TV Dilemma
Posted: 11/17/2023

In case you missed the memo, people no longer watch television the way that they did ten years ago. Not at home, and not at hotels. Nielsen reported that streaming services cornered 34.8% of TV screen time in July 2022, when they overtook cable for the first time.

Property management systems (PMSs) fundamentally have changed very little since the 1980s. And many hotels still use systems that were built in the eighties, nineties, or aughts. Since then, massive technology changes have occurred: the mobile revolution, cloud computing, distributed ledgers, AI-based large language models, Web 3.0, and other innovations have fundamentally changed both the technological capabilities of software, the way it is designed and built, and expectations for user experience.

Read More +

Definitely Doug 10/20/23: Gluing It All Together
Posted: 10/20/2023

Hardly a day goes by that hotels do not express frustration about the inability to tie together key data sources and technology systems. This is not a new problem; it has been around for decades. Progress has been made on many fronts to be sure, but digitalization has created new issues much faster than solutions.

Read More +

What’s the Buzz Among Today’s Hoteliers?
Posted: 10/17/2023

What’s on the minds of hoteliers? What’s keeping them up at night? And what makes travelers happy and eager to return? Some of the best places to have these candid discussions are at the industry’s conferences and events, and this year’s lineup has not disappointed. From AAHOACON and BITAC, to HITEC and The Hospitality Show, I’ve been traveling steadily, attending 13 events since January.

Technology has become an indispensable part of the guest experience. As travelers increasingly expect tech-enabled convenience, hospitality businesses must continue innovating to meet these demands. While WiFi was once the primary tech offering for hotels, today's guests want more. Integrated proptech solutions are becoming the new standard.

Read More +

comment on this article

Verizon's 10th Annual Data Breach Investigations Report Details the Changing Cyber Threat Landscape

04/27/2017

by Ron Hardin

In the 2017 Data Breach Investigations Report (DBIR) just released, Verizon presents a detailed picture of the nature of cybercrime in the past year. Now in its 10th year, the DBIR provides analytical insight on information from 65 organizations encompassing 42,068 incidents and 1,935 breaches from 84 countries. The key takeaways are troubling, if not necessarily surprising:

Cyberespionage – driven by state-sponsored, corporate or organized-crime actors – is on the rise; now 21% of all cases analyzed, primarily targeting manufacturing, public sector and education organizations.
Ransomware attacks have doubled from previous year – now the 5th most common malware category, up from 22nd in 2014. Ransomware is now categorized as a “prevalent” type of malware.
People remain the soft target in the threat landscape. E-mail phishing is still the “go-to technique” for hackers, linked to 95% of malware installations on user computers. 43% of all data breaches used phishing.
Pretexting is on the rise. In this technique, the bad guys use fake e-mails or phone calls, usually targeting finance and accounting employees, attempting to trick them into wiring money, paying fake invoices or providing sensitive information such as employee W-2 data.
Smaller organizations are more likely to be targets: businesses with fewer than 1,000 employees were victims in 61% of the breaches analyzed.
Organizations are still struggling with the most basic security process – changing and protecting passwords. 81% of all breaches leveraged weak, default, or stolen passwords.

This year’s Verizon report makes the statistical analysis of breach data more actionable for businesses by providing key insights by industry segment, including the Accommodations segment (lodging and restaurants). The good news is that the hospitality industry is no longer the primary target for data thieves: Accommodations and Retail combined represent only 15% of all breaches. Top honors this year go to the Financial segment, with 24% of breaches affecting financial organizations.

The bad news for hospitality operators?

The vast majority of breaches still involve theft of cardholder data from POS systems, and time-to-detection is still measured in months. The report states, “The hospitality industry continues to be inhospitable, at least when it comes to POS breaches, which continue to be as ubiquitous and unsatisfying as the continental breakfast. While hotels likely come to mind first, restaurants also fall into this industry and comprise the majority of the victim population. Often food service victims are smaller businesses without IT departments, CISOs etc., but they do accept payment cards and are therefore a target for opportunistic attack.”

Of the 206 hospitality breaches analyzed, 87% involved POS systems, and all of those breaches utilized either malware, hacking, or both. Threat actors were almost all (96%) external players, usually criminal organizations. The truly depressing statistic is breach timelines. Verizon quotes The Eagles on this point, from the song Hotel California: “You can check out any time you like, but you can never leave.” On average, time-to-compromise is measured in seconds, time-to-exfiltrate – get stolen data out – is days, but times to discovery and containment are still measured in months. Detection of breaches in hospitality rarely occurs from internal security: 85% were detected by external fraud investigations, followed by 4% from law enforcement.

So, what should organizations be doing?

Clearly, many hospitality operators need a more effective information security plan (see article in the Spring 2017 edition of Hospitality Upgrade: Information Security: We’re Doing It Wrong). The Verizon DBIR highlights several recommendations that should be part of your plan for improving security:

Implement better anti-malware defenses. Malware was involved in 94% of breaches in hospitality.
Manage passwords. Don’t use default or easy-to-guess passwords. Don’t use the same password for multiple resources. Don’t share passwords. Don’t allow passwords to go unchanged for long periods.
Fortify remote access, particularly to POS systems. Only allow connections from known sources, and use multi-factor authentication for access, which combines something you know (i.e., user id & password) with something you have, like a cell phone, or something you are, like a fingerprint.
Patch promptly and consistently. Everything requires maintenance, and computer software is no different. Not keeping server and terminal software updated leaves exposed vulnerabilities that the bad guys can leverage in an attack.
Train your users in security awareness. Teach them about phishing, pretexting, and other social-engineering attacks. Encourage them to report anything out of the ordinary. Verizon points out that even a change in system performance or unusual error messages could be an indicator of compromise.
Know what you’re dealing with. Research the threat environment by reading the Verizon DBIR, the associated Verizon Data Breach Digests, and other security publications. The bad guys are studying you – you should be studying them, too.