Over a third of hospitality organisations have reported a data breach

Over a third of hospitality organisations have reported a data breach in their company’s history, according to a Trustwave report.

89% of the hotels, restaurants, cruise ships, and other hospitality businesses that have experienced a data breach report to have been affected more than once a year.

With the average cost of a hospitality breach costing $3.4 million, it’s the workers on the bottom line that will feel the hit “due to the highly competitive nature of the industry,” the report states.

“With unique considerations, such as the adoption of contactless technology and the steady turnover of customers and employees, the hospitality industry faces a complex security landscape with distinct challenges,” says Trustwave chief information security officer Kory Daniels.

“In an industry where guest satisfaction and reputation are paramount, staying secure while offering cutting-edge technology is a delicate balancing act.”

An analysis of over 150 victims in the sector show a significant surge in ‘Clop’ ransomware attacks which encrypts company files.

HTML files make up 50% of file types being used for email-borne malware attachments to gain entry, and simply being able to guess weak passwords makes up 26% of entries.

The cyber security firm points to three emerging and prominent trends in the hospitality industry contributing to the attacks.

One, is the rise of generative AI. As the artificial intelligence proves popular amongst the hospitality sector to improve guest experience with services such as chatbots or language translation, Trustwave reports that it is also opening the industry up to unique implications and risks.

Secondly, contactless table payments and smartphone-card reader integrations are also introducing new vectors of attack, and third-party risk and exposure such as vending machines create additional risks, too.

The hospitality industry faces a unique set of challenges when it comes to cyber security, as the nature of the industry means a high turnover of staff, and more difficulty to keep on top of security training.

Plus, as it serves hundreds of different customers on a daily basis, this means providing a network and bandwidth secure and large enough to keep up with the sheer number of users, while at the same time making businesses hesitant to deploy any patches and configuration changes as it may have an impact on the day-to-day operations.

Physical security is also a major concern. Unlike in offices, where servers and computers are behind a locked door only accessible by employee key cars, hospitality businesses can not as easily keep such a secure front.

“For instance, the server closet in a hotel could be left unlocked and easily accessible or a thumb drive could easily be inserted into a nearby device,” the report writes.

To read more on cyber security click here