Identifying the Top Cybersecurity Risks to Your Business in 2022
By Michele Mott
Last updated January 26, 2022
With business reputations, consumer confidence, and revenues at stake, cybersecurity risks continue to represent a major concern for any organization regardless of its size or industry focus. Estimated to cost businesses up to $10.5 trillion annually in damages by 2025, cybersecurity threats are only increasing in number and are becoming more sophisticated as hackers discover more effective ways of exploiting network and system vulnerabilities.
For hospitality-based businesses in particular, each year seemingly brings a new record in the frequency of attacks alongside the discovery of previously overlooked vulnerabilities. With sensitive hotel and guest data representing a high-value target for hackers seeking financial gain, hoteliers unfortunately can only expect attacks to increase in both volume and level of creativity. This first part of a blog series on cybersecurity focuses on identifying the top threats that hoteliers and their guests are increasingly at risk of encountering. Only by continuously educating themselves on the latest tactics used by hackers can today’s hospitality businesses begin to understand how their various systems need to evolve to maintain effective protection at all times.
Understanding the Rising Threat of Ransomware
An increasingly common attack performed against hotels, and among the costliest, is the use of ransomware to wreak havoc on property operations and services. As a form of malware that is typically uploaded to hotel systems by spamming employee emails or with the downloading of infected files from websites, ransomware results in a hacker being able to encrypt business data to prevent access without an encryption key. This leads to hackers being able to hold hotel operations hostage with employees unable to perform a range of essential tasks - from unlocking guestrooms to processing payments. Once crippled, a hotel is then given the option to pay a ransom in order to receive the encryption key that allows them to restore service access.
With hotel systems such as a PMS holding a massive amount of sensitive guest information, which may lead to privacy concerns, ransomware can frequently be used to target guest data in order to raise the stakes for hoteliers. Yet, while research reveals that roughly half of businesses ultimately decide to pay a ransom, studies also show that only 26 percent end up having their data unlocked by the hacker.
From Phishing to Spear-Phishing
Using phishing techniques to gain access to hotel systems in order to upload ransomware or perform a range of other illegal acts has come a long way since the term was first coined. Hackers have since moved on from a one-size-fits-all approach of sending out spam emails and instead create highly targeted attacks that enhance the appearance of credibility. While still leveraging email to perform some of these more personalized hacking attempts, hackers are now also using social media not only to obtain details on targeted employees, but also as another means of gaining access to hotel systems.
To begin the process, a hacker will first search social media for an organization’s employees in order to identify those who provide sufficient details on their background. Hackers will then create a fake social media profile that lists similar interests, group memberships, employment history or educational achievements. Using the fake profile, hackers will make a friend request to the targeted employee and, after a few initial conversations to build trust, will ultimately share a link containing the infected software.
The Implications of Mobile Devices on Business Data Security
The rise of mobile-enabled business operations has undoubtedly led to an impressive increase in efficiency and staff productivity, but it has also resulted in creating data security vulnerabilities. According to security firm Check Point, 40 percent of all mobile devices are vulnerable to a cyber-attack, with at least one company included in its report experiencing a breach after an employee mobile device became infected.
The issue with mobile devices is that they are often not monitored or protected against potential cybersecurity risks. While businesses may heavily focus on adopting enhanced data security tools for their network and systems infrastructure, protection of mobile devices is frequently overlooked and can represent a significant gap in an otherwise effective cybersecurity strategy. To be successful, hackers will frequently exploit the fact that many employees do not regularly update their devices with the latest OS software. With many employees continuing to work remotely, hackers will no doubt increase efforts to exploit such vulnerabilities until businesses make greater efforts to finally close any remaining loopholes.
Credential Theft Remains a Growing Hacking Method of Choice
While organizations make significant investments in cybersecurity protection, credential theft remains one of the most common and easiest methods for hackers to use. Hackers can now even purchase stolen login details on the dark web. This simply comes down to employees not using effective authentication protocols or using passwords and security questions that are easy to guess. While more convenient, employees using the same password to access multiple systems can likewise make easy prey for hackers seeking quick, yet effective access to data-rich systems and services.
Keeping Pace with Evolving Cyber Security Risks
Credential theft and the other above-mentioned tactics are just some of the most commonly used approaches by today’s hackers. Yet as previous security flaws become fixed, hackers are by no means remaining static and are always on the lookout for ways to exploit new vulnerabilities. This is why it remains essential for businesses to partner with solution providers with the ability to continuously ensure total protection against both old and new threats.
Stay tuned for the next ProfitSword blog on cybersecurity. Readers of the next post will discover how they can leverage relationships with reputable business intelligence providers to always stay one step ahead of those seeking to inflict harm on their business and guests.