Tech Talk

Recent posts

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?

Hotel guests commonly bring multiple devices with them during their stay. However, many hotel environments don’t provide easy access to charging outlets. This situation can lead to a guest feeling more than inconvenienced. A recent survey found almost 90 percent of people "felt panic" when their phone battery dropped to 20 percent or below.

Spam is one of the major problems that most hotel website owners face on regular basis. It is a bad practice used by spammers to persuade the page rank of a site.

GBTA recently partnered with AccorHotels to conduct a study investigating the role of loyalty in managed travel programs in Europe with the goal of understanding how loyalty programs currently fit within company travel policy and what opportunities may exist in the future.

People today expect to be connected always and everywhere; sometimes it’s hard to believe that there was a world before smartphones and Wi-Fi. In the time since Wi-Fi became ubiquitous in hotels, apartments, and public spaces, it has fueled the evolution of connectivity in a lot of ways. Just like Maslow’s hierarchy of needs, the most basic needs start at the bottom, and you can’t get to the next level without a strong foundation. 



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

What to Expect When You’re Expecting….in Cyber Security

11/08/2013

When a new child is coming into this world the endearing couple is anxiously awaiting the special delivery and wonder if they are prepared. Most couple research extensively to prepare for the event. Similar to this rite of passage, the hospitality industry is awaiting a delivery of a darker kind and one that each professional should be anxiously monitoring.

Former Defense Secretary Leon E. Panetta warned that the United States was facing the possibility of a cyber-Pearl Harbor and was increasingly vulnerable to foreign computer hackers.

In varying degrees we are all connected to this new delivery termed cyberwarfare, the next evolution of cybersecurity and the impact on all of us is remarkable. Cyberattacks are increasing because technology is changing minute to minute, data is doubling every year, and more than 2 billion people are online. In an excerpt from InfoWorld, January 28, 2013, author Israel Martinez from the Cyber Security Council writes, “The paradigm in the U.S. must shift from defense to offense. This type of threat is going to be a very big problem for us over the next 12 months."

Is the hospitality industry apprehensive about this newborn? Rest assured, there are new people, processes and technology that can help avoid cyberparalysis, poor investments and help prepare an effective cyberdefense and offense.

The term cyberwarfare implies a series of battles with a virtual enemy, and recent experience proves it to be true. For many of us, it means the days of simply complying with standards (e.g., PCI, SOX 404, HIPAA) are over. While compliance will remain important, new threats introduce a need to prepare against a generation of malware and actors that have earned the acronym advanced persistent threats (APTs). Sadly, achieving compliance will no longer save us from global cyberattacks on our hotels nor will it save us from a new generation of accountability. Earlier this year, Wyndham experienced this as the FTC filed a complaint against the corporation suggesting companies must live up to the promises made about privacy and data security.

According to industry experts advanced persistent threats now abound. As discussed at the Gartner conference in 2012, “You’re already infected, you just don’t know it.” An APT combines malware and human resources to effectively and purposely breach specific organizations, especially those with personal client information. This new generation of APTs is so sophisticated and persistent it will seek to penetrate devices until the objective is achieved and cover tracks to exploit access in future initiatives. These attacks are against privacy, i.p., data and stability via our IP networks, computers, servers, cell phones, smartphones, social network sites and even against internal business systems required to support operations. Moreover, the HP 2012 Cyber Risk report, demonstrates that an APT is already located inside a network for an average 418 days before it’s discovered.

Because of these APTs, accountability methods and consequences by government, board members, industry, fiduciary mandates and customers are evolving quickly. Effective cybersecurity within a strong enterprise risk management strategy, combined with regulatory compliance, is now the new mandate. Leadership must consider this an integral part of their business strategy and even a board-level issue when relevant. New generation consequences for sub-standard cybersecurity now range from digital reputation damage, fines and even stock price loss. Many believe corporations like Nortel have gone out of business because of APTs and the chain reaction of ill preparedness.

Is the industry prepared for the responsibilities of the new effects of cyberwarfare? In the March 28, 2013 WallStreet Journal, Shawn Henry, former executive assistant director for the FBI, said “The current public and private approach to fending off hackers is unsustainable. Computer criminals are simply too talented and defensive measures too weak to stop them.” 

The U.S. Federal Government is introducing yet greater accountability and remediation methods including a Presidential Directive, House Bill known as CISPA, The Cyber Intelligence Sharing and Protect Act . CISPA encourages industry to voluntarily share cyberthreat information with the U.S. government and the most recent draft has a provision for the private sector to counter an attack. This directive is meant to proactively affect small and large operators in the private and public sector in an effort to combat this threat that impacts critical infrastructure.

How should the hospitality industry prepare for this new generational threat? Here are some key tips gathered from security experts that might help.

1. Leverage new approaches. Technology and the subject matter is evolving quickly.

   a. Security intelligence: the art/science of detecting assets that are already infected. That list already exists. One company is collecting more than 7 million newly APT infected devices per day. A company can simply run a report to see if its IT assets are listed.

   b. Mobile device sales are dwarfing PC sales and account for more than 12 percent of global Internet traffic. Detecting and remediating advanced malware on a mobile device including current compromises which bypassed all of the existing security solutions should be part of the strategy. This type of solution has no additional hardware investment and runs in the cloud.

   c. State-of-the-art tactics are available to analyze digital behavior.

2. Consider cybersecurity insurance. As stated by the Department of Homeland Security, “Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion.”

3. Stay informed, education exists and is available today. 

   a. Stay on top of cybersecurity legislation as it evolves.

   b. Employee training regarding topics like social engineering threats such as spear phishing is critical.

   c. Leadership knowledge is available, such as what every CxO should know before during and after a cyberbreach. This type of knowledge training can also apply to senior hotel leadership.

   d. SANS Institute supplies education courses online and in the classroom, as well as supporting material including, the top 20 critical security controls.

Take action. Even the consideration of one of these tips may save a property, corporation and valuable guests.

About The Author
Karen O'Neill
President
KnockOut Hospitality Consulting LLC


Karen O'Neill is a thought leader and hospitality industry veteran with 20 years of experience supporting top tier hospitality and restaurant clients. She is the founder and President of KnockOut Hospitality Consulting LLC, working closely with hospitality companies as they look to optimize, streamline and energize their operations and initiatives. She can be reached at Karen@ConsultKO.org, and for more information at www.ConsultKO.org.

 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code