When a new child is coming into this world, the endearing couple anxiously awaits the special delivery and wonders if they are prepared. Most couples research extensively to prepare for the event. Similar to this rite of passage, the hospitality industry is awaiting a delivery of a darker kind, and one that each professional should be anxiously monitoring.

Former Defense Secretary Leon E. Panetta warned that the United States was facing the possibility of a cyber-Pearl Harbor and was increasingly vulnerable to foreign computer hackers.

In varying degrees we are all connected to this new delivery, termed cyberwarfare, the next evolution of cybersecurity, and the impact on all of us is remarkable. Cyberattacks are increasing because technology is changing minute to minute, data is doubling every year, and more than 2 billion people are online. In an excerpt from InfoWorld, January 28, 2013, author Israel Martinez from the Cyber Security Council writes, “The paradigm in the U.S. must shift from defense to offense. This type of threat is going to be a very big problem for us over the next 12 months.”

Is the hospitality industry apprehensive about this newborn? Rest assured, there are new people, processes and technology that can help avoid cyberparalysis and poor investments, and help prepare an effective cyberdefense and offense.

The term cyberwarfare implies a series of battles with a virtual enemy, and recent experience proves it to be true. For many of us, it means the days of simply complying with standards (e.g., PCI, SOX 404, HIPAA) are over. While compliance will remain important, new threats introduce a need to prepare against a generation of malware and actors that have earned the acronym advanced persistent threats (APTs). Sadly, achieving compliance will no longer save us from global cyberattacks on our hotels nor will it save us from a new generation of accountability. Earlier this year, Wyndham experienced this as the FTC filed a complaint against the corporation suggesting companies must live up to the promises made about privacy and data security.

According to industry experts, advanced persistent threats now abound. As discussed at the Gartner conference in 2012, “You’re already infected, you just don’t know it.” An APT combines malware and human resources to effectively and purposely breach specific organizations, especially those with personal client information. This new generation of APTs is so sophisticated and persistent that it will seek to penetrate devices until the objective is achieved, then cover its tracks to exploit access in future initiatives. These attacks are against privacy, intellectual property, data and stability via our IP networks, computers, servers, cell phones, smartphones, social network sites and even against internal business systems required to support operations. Moreover, the HP 2012 Cyber Risk report demonstrates that an APT is already located inside a network for an average of 418 days before it’s discovered.

Because of these APTs, accountability methods and consequences by government, board members, industry, fiduciary mandates and customers are evolving quickly. Effective cybersecurity within a strong enterprise risk management strategy, combined with regulatory compliance, is now the new mandate. Leadership must consider this an integral part of their business strategy and even a board-level issue when relevant. New generation consequences for sub-standard cybersecurity now range from digital reputation damage to fines and even stock price loss. Many believe corporations like Nortel have gone out of business because of APTs and the chain reaction of ill preparedness.

Is the industry prepared for the responsibilities of the new effects of cyberwarfare? In the March 28, 2013 Wall Street Journal, Shawn Henry, former executive assistant director for the FBI, said, “The current public and private approach to fending off hackers is unsustainable. Computer criminals are simply too talented and defensive measures too weak to stop them.”

The U.S. Federal Government is introducing yet greater accountability and remediation methods, including a Presidential Directive and a House bill known as CISPA, the Cyber Intelligence Sharing and Protection Act. CISPA encourages industry to voluntarily share cyberthreat information with the U.S. government, and the most recent draft has a provision for the private sector to counter an attack. This directive is meant to proactively affect small and large operators in the private and public sector in an effort to combat this threat that impacts critical infrastructure.

How should the hospitality industry prepare for this new generational threat? Here are some key tips gathered from security experts that might help.

1. Leverage new approaches. Technology and the subject matter are evolving quickly.

   a. Security intelligence: the art/science of detecting assets that are already infected. That list already exists. One company is collecting more than 7 million newly APT-infected devices per day. A company can simply run a report to see if its IT assets are listed.

   b. Mobile device sales are dwarfing PC sales and account for more than 12 percent of global Internet traffic. Detecting and remediating advanced malware on a mobile device, including current compromises which bypassed all of the existing security solutions, should be part of the strategy. This type of solution has no additional hardware investment and runs in the cloud.

   c. State-of-the-art tactics are available to analyze digital behavior.

2. Consider cybersecurity insurance. As stated by the Department of Homeland Security, “Cybersecurity insurance is designed to mitigate losses from a variety of cyber incidents, including data breaches, network damage and cyber extortion.”

3. Stay informed. Education exists and is available today.

   a. Stay on top of cybersecurity legislation as it evolves.

   b. Employee training regarding topics like social engineering threats such as spear phishing is critical.

   c. Leadership knowledge is available, such as what every CxO should know before, during and after a cyberbreach. This type of knowledge training can also apply to senior hotel leadership.

   d. SANS Institute supplies education courses online and in the classroom, as well as supporting material including the top 20 critical security controls.

Take action. Even the consideration of one of these tips may save a property, corporation and valuable guests.