Tech Talk

Recent posts

Definitely Doug 6/9/23: Hotels Fighting Trafficking: The Role of Technology
Posted: 06/09/2023

This week I want to address an important issue for the hospitality industry, albeit one that technologists have not historically had on their radar. They can potentially play a significant role in addressing the issue, which is human trafficking, and more specifically sex trafficking.

In my last column, I reviewed some key trends in autonomous mobile robotics for hotels, and dove into three categories of delivery robots in more detail – room delivery, food delivery, and heavy-lift robots. This week I will round out the topic with several other robot types and applications, as well as general guidance for evaluating, acquiring, and adopting mobile autonomous robotics. If you have not yet read part one, I recommend going back and doing so before continuing below, as some of the introductory material is important background to what follows.

Read More +

Best Practices for Hotel & Resort Operators in Pool Season 2023
Posted: 05/25/2023

With the arrival of warmer weather and summer fast approaching, hospitality operators are gearing up for another pool season. This year, technology is at the forefront of driving booking revenue and taking operational efficiency to the next level. Modern technology platforms (such as hospitality’s newest technology category – the Property Experience Management System or PXMS) are providing brand new capabilities that unlock new strategies and approaches to filling the pool with satisfied guests.

Read More +

The Growing Role Technology Plays in Hotels and Restaurants
Posted: 05/25/2023

In the past few years, hotels and restaurants have grown into hubs for entertainment, leisure, and human connection. In an effort to best serve their guests, operators have begun rethinking their technological investments and working to adapt to recent shifts in consumer preference and operations. To ensure that guests have the best on-site experience possible, brands are increasingly looking to new technologies to make their experiences more convenient and comfortable. Advanced property management systems (PMS) and point-of-sale (POS) systems can increase operational and staff efficiency, while also meeting changing customer expectations for a high-value but relatively low-touch experience.

This week I will return to a topic I have covered before, because it has, within the last 12 to 18 months, become one of the hottest-growth categories in hospitality technology. That topic is autonomous mobile robots – specifically, ones that can move around the facility as well as perform specific tasks. Many of these products were launched pre-Covid but were often seen at the time as more of a marketing gimmick than a legitimate operational solution.

Read More +

comment on this article

Verizon's 10th Annual Data Breach Investigations Report Details the Changing Cyber Threat Landscape

04/27/2017

by Ron Hardin

In the 2017 Data Breach Investigations Report (DBIR) just released, Verizon presents a detailed picture of the nature of cybercrime in the past year. Now in its 10th year, the DBIR provides analytical insight on information from 65 organizations encompassing 42,068 incidents and 1,935 breaches from 84 countries. The key takeaways are troubling, if not necessarily surprising:

Cyberespionage – driven by state-sponsored, corporate or organized-crime actors – is on the rise; now 21% of all cases analyzed, primarily targeting manufacturing, public sector and education organizations.
Ransomware attacks have doubled from previous year – now the 5th most common malware category, up from 22nd in 2014. Ransomware is now categorized as a “prevalent” type of malware.
People remain the soft target in the threat landscape. E-mail phishing is still the “go-to technique” for hackers, linked to 95% of malware installations on user computers. 43% of all data breaches used phishing.
Pretexting is on the rise. In this technique, the bad guys use fake e-mails or phone calls, usually targeting finance and accounting employees, attempting to trick them into wiring money, paying fake invoices or providing sensitive information such as employee W-2 data.
Smaller organizations are more likely to be targets: businesses with fewer than 1,000 employees were victims in 61% of the breaches analyzed.
Organizations are still struggling with the most basic security process – changing and protecting passwords. 81% of all breaches leveraged weak, default, or stolen passwords.

This year’s Verizon report makes the statistical analysis of breach data more actionable for businesses by providing key insights by industry segment, including the Accommodations segment (lodging and restaurants). The good news is that the hospitality industry is no longer the primary target for data thieves: Accommodations and Retail combined represent only 15% of all breaches. Top honors this year go to the Financial segment, with 24% of breaches affecting financial organizations.

The bad news for hospitality operators?

The vast majority of breaches still involve theft of cardholder data from POS systems, and time-to-detection is still measured in months. The report states, “The hospitality industry continues to be inhospitable, at least when it comes to POS breaches, which continue to be as ubiquitous and unsatisfying as the continental breakfast. While hotels likely come to mind first, restaurants also fall into this industry and comprise the majority of the victim population. Often food service victims are smaller businesses without IT departments, CISOs etc., but they do accept payment cards and are therefore a target for opportunistic attack.”

Of the 206 hospitality breaches analyzed, 87% involved POS systems, and all of those breaches utilized either malware, hacking, or both. Threat actors were almost all (96%) external players, usually criminal organizations. The truly depressing statistic is breach timelines. Verizon quotes The Eagles on this point, from the song Hotel California: “You can check out any time you like, but you can never leave.” On average, time-to-compromise is measured in seconds, time-to-exfiltrate – get stolen data out – is days, but times to discovery and containment are still measured in months. Detection of breaches in hospitality rarely occurs from internal security: 85% were detected by external fraud investigations, followed by 4% from law enforcement.

So, what should organizations be doing?

Clearly, many hospitality operators need a more effective information security plan (see article in the Spring 2017 edition of Hospitality Upgrade: Information Security: We’re Doing It Wrong). The Verizon DBIR highlights several recommendations that should be part of your plan for improving security:

Implement better anti-malware defenses. Malware was involved in 94% of breaches in hospitality.
Manage passwords. Don’t use default or easy-to-guess passwords. Don’t use the same password for multiple resources. Don’t share passwords. Don’t allow passwords to go unchanged for long periods.
Fortify remote access, particularly to POS systems. Only allow connections from known sources, and use multi-factor authentication for access, which combines something you know (i.e., user id & password) with something you have, like a cell phone, or something you are, like a fingerprint.
Patch promptly and consistently. Everything requires maintenance, and computer software is no different. Not keeping server and terminal software updated leaves exposed vulnerabilities that the bad guys can leverage in an attack.
Train your users in security awareness. Teach them about phishing, pretexting, and other social-engineering attacks. Encourage them to report anything out of the ordinary. Verizon points out that even a change in system performance or unusual error messages could be an indicator of compromise.
Know what you’re dealing with. Research the threat environment by reading the Verizon DBIR, the associated Verizon Data Breach Digests, and other security publications. The bad guys are studying you – you should be studying them, too.