Tech Talk

Recent posts

Merging High Tech With High Touch to Create a New Hospitality Paradigm
Posted: 03/23/2023

One of the key challenges facing today’s hoteliers is that of high tech vs high touch. Does technology conflict with personalized service? Is it possible to offer both during the same visit? And can hotels that utilize technology in favor of human interaction achieve guest loyalty?

Business travel is picking back up and families may be taking their first or second real vacations since the pandemic cancelled so many plans just a few years ago. To ensure that guests have the best on-site experience possible, hoteliers are increasingly looking to new technologies to make their stay more comfortable than ever. With an advanced property management systems (PMS) and integration platforms, hoteliers can increase operational and staff efficiency, but also meet changing guest expectations for a high-value but relatively low-touch experience. We looked ahead to see what changes we expect to see sweeping the hospitality industry this year.

Long-term readers of this blog know that I rarely focus on a single company or product. My goal is to help readers understand new and emerging technologies, when and why they might be useful, and what to consider if you are buying them.

Read More +

The Future of Hotels
Posted: 02/21/2023

Hotels have always been a high-touch low-tech business. Today, and into the foreseeable future, hotels are moving away from the pure ‘people serving people’ model towards a more high-tech low-touch business, and doubling down on digitalization. In the paragraphs below, I envision ways in which tech can innovate and enhance the guest experience throughout the guests’ 6 stage hotel journey: Imagine-Book-Stay-Report-Recommend-Return.

Read More +

Definitely Doug 2/10/23: Planning for June
Posted: 02/10/2023

The question I have heard most often in recent months is “where are you going in the last week of June?”. As most readers are aware, two trade shows featuring hotel technology are scheduled during the same dates that week. Many of you are still undecided which to attend. Knowing that your decision will be based at least in part on where others are going (hoteliers and exhibitors both), I decided to try to get some real data that I could share.

Read More +

comment on this article

Verizon's 10th Annual Data Breach Investigations Report Details the Changing Cyber Threat Landscape

04/27/2017

by Ron Hardin

In the 2017 Data Breach Investigations Report (DBIR) just released, Verizon presents a detailed picture of the nature of cybercrime in the past year. Now in its 10th year, the DBIR provides analytical insight on information from 65 organizations encompassing 42,068 incidents and 1,935 breaches from 84 countries. The key takeaways are troubling, if not necessarily surprising:

Cyberespionage – driven by state-sponsored, corporate or organized-crime actors – is on the rise; now 21% of all cases analyzed, primarily targeting manufacturing, public sector and education organizations.
Ransomware attacks have doubled from previous year – now the 5th most common malware category, up from 22nd in 2014. Ransomware is now categorized as a “prevalent” type of malware.
People remain the soft target in the threat landscape. E-mail phishing is still the “go-to technique” for hackers, linked to 95% of malware installations on user computers. 43% of all data breaches used phishing.
Pretexting is on the rise. In this technique, the bad guys use fake e-mails or phone calls, usually targeting finance and accounting employees, attempting to trick them into wiring money, paying fake invoices or providing sensitive information such as employee W-2 data.
Smaller organizations are more likely to be targets: businesses with fewer than 1,000 employees were victims in 61% of the breaches analyzed.
Organizations are still struggling with the most basic security process – changing and protecting passwords. 81% of all breaches leveraged weak, default, or stolen passwords.

This year’s Verizon report makes the statistical analysis of breach data more actionable for businesses by providing key insights by industry segment, including the Accommodations segment (lodging and restaurants). The good news is that the hospitality industry is no longer the primary target for data thieves: Accommodations and Retail combined represent only 15% of all breaches. Top honors this year go to the Financial segment, with 24% of breaches affecting financial organizations.

The bad news for hospitality operators?

The vast majority of breaches still involve theft of cardholder data from POS systems, and time-to-detection is still measured in months. The report states, “The hospitality industry continues to be inhospitable, at least when it comes to POS breaches, which continue to be as ubiquitous and unsatisfying as the continental breakfast. While hotels likely come to mind first, restaurants also fall into this industry and comprise the majority of the victim population. Often food service victims are smaller businesses without IT departments, CISOs etc., but they do accept payment cards and are therefore a target for opportunistic attack.”

Of the 206 hospitality breaches analyzed, 87% involved POS systems, and all of those breaches utilized either malware, hacking, or both. Threat actors were almost all (96%) external players, usually criminal organizations. The truly depressing statistic is breach timelines. Verizon quotes The Eagles on this point, from the song Hotel California: “You can check out any time you like, but you can never leave.” On average, time-to-compromise is measured in seconds, time-to-exfiltrate – get stolen data out – is days, but times to discovery and containment are still measured in months. Detection of breaches in hospitality rarely occurs from internal security: 85% were detected by external fraud investigations, followed by 4% from law enforcement.

So, what should organizations be doing?

Clearly, many hospitality operators need a more effective information security plan (see article in the Spring 2017 edition of Hospitality Upgrade: Information Security: We’re Doing It Wrong). The Verizon DBIR highlights several recommendations that should be part of your plan for improving security:

Implement better anti-malware defenses. Malware was involved in 94% of breaches in hospitality.
Manage passwords. Don’t use default or easy-to-guess passwords. Don’t use the same password for multiple resources. Don’t share passwords. Don’t allow passwords to go unchanged for long periods.
Fortify remote access, particularly to POS systems. Only allow connections from known sources, and use multi-factor authentication for access, which combines something you know (i.e., user id & password) with something you have, like a cell phone, or something you are, like a fingerprint.
Patch promptly and consistently. Everything requires maintenance, and computer software is no different. Not keeping server and terminal software updated leaves exposed vulnerabilities that the bad guys can leverage in an attack.
Train your users in security awareness. Teach them about phishing, pretexting, and other social-engineering attacks. Encourage them to report anything out of the ordinary. Verizon points out that even a change in system performance or unusual error messages could be an indicator of compromise.
Know what you’re dealing with. Research the threat environment by reading the Verizon DBIR, the associated Verizon Data Breach Digests, and other security publications. The bad guys are studying you – you should be studying them, too.