
If you’re reading this, chances are that you have stayed in a hotel before. You have also likely drunk at a bar and eaten at a restaurant; it’s even likely you did all these things in one night. The world of hospitality is one we encounter on a near daily basis, so it’s no surprise that the industry is worth $4.548 trillion as of 2022. However, as we’ve seen with other sectors that experience consistent growth in value, cybercrime and threats follow closely behind.

In this vein, Trustwave recently released its latest in-depth report looking into the threat landscape of the hospitality industry to highlight risks and advise businesses in this industry on how to outmaneuver the cybercriminals targeting them.

Here’s some of what Trustwave uncovered.

Hospitality’s unique digital landscape

The hospitality industry is uniquely faced with a constantly shifting user and customer base. Guests stay in hotels for a night or two, customers visit restaurants and bars for hours at a time, and will often sign up for free Wi-Fi. They will book tables and rooms using apps or email and generally share valuable data and contact information. Furthermore, the hospitality industry must contend with a workforce that changes on a seasonal basis and that has high rates of turnover within it.

What does this mean for businesses functioning within the hospitality industry? A growing risk and threat landscape. Through research for this report, Trustwave discovered that nearly a third (31%) of hospitality organisations have reported a data breach and 89% of those businesses who reported a breach had been affected more than once a year. We’ll discuss later on the time and financial impact that this incurs, but it’s safe to assume it is an eye-watering amount.

With a constant stream of customers accessing digital services provided by hospitality businesses, increased onus is on the business to ensure these services are secure and safe from an ever-growing list of threats to customer data. Likewise, with a constant turnover of seasonal staff, employees may not be getting the training they need when it comes to cybersecurity best practices.

Threat education

Both customers and employees should be confident their data is being protected irrespective of how long they are at the company or visiting the venue. Ensuring this is guaranteed is a multi-faceted issue that comes down to both education on threats to consumers and employees, as well as cybersecurity technology and services that keep businesses on the front foot.

An external cybersecurity partner has quickly become a necessity as opposed to a ‘nice to have’. Trained experts tasked with thinking like a cybercriminal to deter their possible ways of entry are a critical weapon in the arsenal of hospitality companies. In addition to this, educating your staff is also an intrinsic part of keeping the most liable entities in the business from engaging with any malicious actors. Trustwave knows from its research that most of the ways cybercriminals attack and gain access to hospitality businesses' data involve email-borne malware, phishing, and scams, such as business email compromise, all of which are targeted at employees and customers who are liable to share information or click on malicious links without knowing.

Below are just a few of the key threats and trends impacting the hospitality industry at the moment:

  • Artificial Intelligence and Generative AI: Generative AI is a powerful tool that is being increasingly used by the hospitality sector to improve guest experience with services like chatbots or language translation, opening the industry up to unique implications and risks.
  • Contactless Technology: Newer features like contactless table payments and smartphone-card reader integrations offer a seamless experience to businesses and customers alike, but also introduce new vectors of attack.
  • Third-party Risk and Exposure: An increasing reliance on third-party vendors for services, such as HVAC, vending machines, and point-of-sale (PoS) systems, creates additional risk as more vendors have access to sensitive data or systems.

The cost of not investing in cybersecurity

For many industries right now, times are tough. Money is tighter than anticipated and businesses are working within the parameters of global economic uncertainty. This is understandably leading businesses, especially those in hospitality who were already reeling from the global pandemic, to prioritise their spending and perhaps view cybersecurity measures as a ‘nice to have’ as opposed to a non-negotiable.

Further costly investment in cybersecurity measures might be the last thing on hospitality business leaders' minds, but truthfully there is a bigger cost at stake for not investing. Trustwave found that the average cost of a data breach in the hospitality industry was around $3.4m (~£2.8m). Combine this statistic with the one from above - that 89% of businesses that were affected by data breaches had multiple breaches within a year - and you can see clearly why investing in cybersecurity is valuable and necessary.

It’s easy for cybersecurity to fall down the list of priorities in industries such as hospitality. Often, an issue not directly facing or afflicting the customer is one that is easy to de-prioritise ahead of something that’s more likely to improve consumer experience. However, the frequency, cost, and reputational impact of cyberattacks in our digital age can be drastic for even the most established hospitality brands and businesses.

Based on the findings from the report and the unique threat landscape of the hospitality industry, preventative cybersecurity measures remain a crucial tool for businesses. Additionally, ensuring staff employ a proactive mindset when it comes to cybersecurity (such as reviewing email security, Wi-Fi authentication, and other data collection platforms), ensuring all passwords are changed regularly, and finding a solution that helps you detect and respond to nefarious activity on your network are all key ways to mitigate the risk of cybercrime and avoid a costly recovery process.

As we become increasingly digital in our day-to-day lives, investment in cybersecurity is quickly becoming a no-brainer like that of health or travel insurance. Being proactive in identifying risks and addressing them with a well-thought-out cybersecurity strategy is a lot more cost-effective than having to deal with the consequences of a breach. As we’ve seen in our research, the hospitality sector has become a preferred hunting ground of cybercriminals. Developing both an offensive and defensive approach to these threats needs to be a business priority for businesses within the sector.

About Trustwave

Trustwave is recognized as a global security leader in managed security services (MSS) and managed detection and response (MDR). With more than 2,000 world-class security professionals operating on behalf of clients across 96 countries, Trustwave helps organizations across the globe detect and respond to threats 24x7 in the hybrid multi-cloud world. The elite Trustwave SpiderLabs team provides award-winning threat research and intelligence, which is infused into Trustwave services and products to fortify cyber resilience in the age of advanced threats. For more information visit www.trustwave.com.

Calum Warren-Piper
PHA Group
Trustwave