Tech Talk

Recent posts

Time is limited. Once it’s gone, you can’t gain it back. Similarly, once a room goes unsold for a night, it will go unsold forever. There’s no way to recover that loss, because there’s no way to go back in time.
 
Many hotels fight this limitation by trying to sell as many rooms as possible. If all the rooms are completely booked, time no longer becomes a factor. But most don’t have the luxury of being at-capacity every single night. That’s why last-minute booking apps are growing in popularity in the industry, where hotels can make the most of each day. These apps specifically target guests who don’t plan far in advance, seeking accommodations from one week to one minute later.
 
There are several different ways your hotel can benefit from using last-minute booking apps in your business strategy.

IoT is Coming, Jon Snow…
Posted: 05/21/2019

Hospitality is prime for the coming advent of the various devices that make up the Internet of Things. Estimates show the industry now represents 17.5 million rooms worldwide and savvy guests are demanding more personalization and an overall improved guest experience along their connected travel journey and belief is that IoT can bring this to reality. 

The forces driving local search rankings are constantly changing. But recent studies suggest that in 2019, four key factors make up the local search algorithm. 
 
The most significant factor is Google My Business (GMB). If you’re not on it, get on it now.

The robotic revolution in the hospitality industry might seem to have taken a step back. This January, the famously quirky Henn-Na Hotel in Japan fired half of its 243 robot staff. The robotic workforce reportedly irritated guests and frequently broke down.

Think about the moment when you first enter your hotel room. Look around: Does the room tell you anything unique about the hotel where you are staying? Or is it all beige walls and double beds with white covers, and you have to walk back outside and look at the sign on the hotel’s facade to even remember where you are?



want to read more articles like this?

want to read more articles like this?

Sign up to receive our twice-a-month Watercooler and Siegel Sez Newsletters and never miss another article or news story.

x
 

Spotting Vulnerabilities – Is Vulnerability Scanning Antiquated?

10/12/2015

I often hear, “Isn’t vulnerability scanning outdated?” from my clients. After all, with log monitoring and patch updates readily available, they tend to wonder, “What’s the point?”

However, without ongoing vulnerability assessment (VA), the probability of exploits and compromise for a company rises dramatically.

Move beyond the it-can’t-happen-to-me feeling of security and look at the facts: an average of 19 new vulnerabilities are reported per day, according to the National Vulnerability Database.

Most hackers don’t care who you are. They care about your vulnerabilities.
If you look at headlines recently published in the media, it’s easy to see not all attacks are targeted to a specific business. For example, vulnerabilities like Ghost, Poodle and Heartbleed actually attacked systems based on specific vulnerabilities.

Many large, popular retailers and companies may not have lost as much sensitive data if they and their third party vendors had been practicing regular VA scanning to discover vulnerabilities within their networks and sites.

Did you know the same vulnerability scanning tools that enterprise businesses should be using are the same tools attackers use to discover vulnerabilities? Vulnerability scanning, in fact, is one of the only crucial things that can help companies keep up-to-date on emerging vulnerabilities.

In order to systematically shrink a company’s risk window and prevent a data breach, critical vulnerabilities must be continuously identified, prioritized and remediated across a significant portion of the network.

Here are a few examples of vulnerabilities that your organization’s VA tools should catch (and that your IT team should repair immediately):

  • Cross Site Scripting (XSS): A XSS attack can be carried out using various client-side languages (JavaScript being chief among them). Most scanning tools today are very quick to point out XSS vulnerabilities (if you have them).
  • SQL Injection: This attack takes place when an attacker jumps on insecure web application coding and begins to query an organization’s backend database with fervor. The reality is, these issues are quite easy to resolve, yet still widely rampant. Running scans frequently can help to identify this vulnerability quickly.
  • Heartbleed: While the media sensation of Heartbleed has finally died down, it was a heavy hitter that existed within OpenSSL 1.0.1 and 1.0.2-beta. Running VA scans would have immediately caught this vulnerability once it had been published.

A correct vulnerability management program takes a wide range of network issues into consideration. It not only identifies weaknesses that may need correction, including misconfigurations and policy noncompliance vulnerabilities that a patch management system alone may not be able to address, but also delivers an across-the-board picture of all systems, services and devices that can potentially breach a network.

Why don’t organizations scan more often?
Due to what was once perceived as a complicated, disruptive process to daily business functions, it’s no secret that VA has caused some huge management headaches over the years.

On top of that, most organizations treat vulnerability management as an occasional and isolated spot check process, largely focused on addressing immediate issues. When a company views VA as a random point-in-time, it is not only a detriment to the industry, but also a practice ineffective at minimizing risks.

Industry best practice is to scan quarterly (at the very minimum) and include a system to speedily remediate discovered weaknesses.

Encourage a top-down approach
It can be challenging for IT departments to gain management support when it comes to enforcing security-related policies and procedures. After all, change can be difficult to implement from middle management up through an organization.

But VA activities must have acceptance from the highest executive levels of an organization in order to be effective. It’s critical that management understands the importance of the assessment to the organization as a whole, and give IT the approval to perform scanning activities.

Keep in mind: The time it takes an IT team to repair and recover from vulnerability exploitation usually has far greater impact on a business than the shorter amount of time it takes to get the organization up to speed on a VA solution.

Once a company has buy-in across the board, it’s important to encourage awareness and training among team members. Typical VA awareness training within a company should include:

  • Company-specific goals for utilizing the technology
  • An explanation of how a vulnerability scanning appliance operates
  • Which departments and systems will be in the assessment scope
  • How false positives can be reported to the IT team
  • How reports can be used to show details around vulnerabilities
  • Where patches can be found and details around the severity levels

Some organizations decide to conduct the scanning process independently, especially with the introduction of scanners that do not require advanced security knowledge to install or implement. When it comes to internal scanning, companies are allowed to use their own product, but to comply with the Payment Card Industry Data Security Standard, they must use an approved scanning vendor for all external VA scans.

Long live vulnerability scanning
As long as hackers and their malware are out there, vulnerability scanning will continue to be a necessary part of everyday security operations. With this simple approach, security holes can be repaired before they become problematic, and companies can proactively fend off attacks before they occur and do serious damage.

About The Author
Brand Barney
Security Assessor
SecurityMetrics


 
Comments
Blog post currently doesn't have any comments.
Leave comment



 Security code