Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Services
Capture
Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

twi-managed-portal-color
Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

twi-briefcase-color-svg
Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

tw-laptop-data
Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

twi-database-color-svg
Database Security

Prevent unauthorized access and exceed compliance requirements.

twi-email-color-svg
Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

tw-officer
Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

tw-network
Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Solutions
BY TOPIC
Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Partners
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

Why Cybersecurity in the Hotel Industry Should be a Joint Effort

Recent cybercrime headlines in the hospitality industry should make for unsettling reading after last year brought another raft of attacks against hotels. The global hospitality industry now sits in the top three of industries most frequently targeted by hackers, according to the 2015 Trustwave Global Security Report.

The steady flow of high-profile data breaches revealed that point-of-sale malware remains a primary threat, but criminals are also setting their sights on other sensitive data - as well as third-party providers, such as booking and car rental companies, which maintain hordes of information on travelers.

Thieves have seized the opportunity to capitalize on the wealth of data that passes through varying weak spots in hospitality networks, and they're now looking for more than just credit card data. Hotels hold contact details, travel plans, air miles, birth dates, passport data and personal preferences on millions of guests - all of which can be used by criminals in a multitude of ways, ranging from fraud to extortion.

According to the aforementioned report, 65 percent of the hospitality industry's security breaches were via point-of-sale (POS) systems, with weak remote access security contributing to 44 percent of those compromises.

But a number of breaches also affecting the industry targeted booking partners - companies that facilitate reservations on behalf of the hotel brands for services such as air travel, car rental and room bookings. Often these providers don't carry the brand recognition of the hotel chains, which makes them an attractive target to the hackers who see them as a potential weak link in the data chain. This trend began in the Europe, but has spread to other regions as well.

Attackers likely specifically and deliberately targeted businesses that provide service to hotels, airlines and car rental companies because they serve as an attractive aggregation point for the sensitive data of many customers.

Regardless of where the initial breach occurs, one thing is certain: if customers can't rely on a brand's booking system, they will simply go elsewhere. Statistics show that nearly one in five shoppers have dropped out of an online travel booking because of security concerns around payment.

There must therefore be tighter control across a hotel and its network of partners. Without that, the entire chain is vulnerable to attack.

Assess risks everywhere

Understanding where critical data lives within your enterprise and how it moves, both internally and outside of the organization, is paramount. This includes ensuring that third-party access points are covered up. You also need to inventory systems to understand their patch and vulnerability status, and assess current volumes of detected security incidents and how long it takes to respond to these known incidents.

Protect the POS system

POS attackers often take advantage of vulnerabilities, from configuration errors like easy-to-guess passwords to underlying flaws in the system itself, to access payment terminals and plant malware. Bars, restaurants and gift shops are often as big of targets as hotel front desks. Identifying this type of breach can be extraordinarily difficult because POS malware variants are difficult to identify, so it is critical that hotel chains - and their partners - have experts regularly conduct deep-dive penetration to sniff out potential vulnerabilities before criminals can take advantage of them.

Find malware and keep data protected

Hoteliers must accept that either their systems or those of their partners may be infected with malware, and often threats can reside on the system for months without being picked up. To mitigate the potential damage caused by unidentified malware, hoteliers and their partners should implement intrusion detection, security management and threat intelligence services, as well as scan inbound and outbound communication to flag data-stealing malware in real time and prevent information from leaving the door.

    7192_e6a3dad0-5a16-4868-bcbc-4fd15a5bcfb8 

Latest Trustwave Blogs

Trustwave Named in 2024 Gartner® Market Guide for Managed Detection and Response (MDR)

For the second consecutive year, Trustwave has been named a Representative Vendor in the 2024 Gartner® Market Guide for Managed Detection and Response.

Read More

6 Steps on How to Respond to a Data Breach Before it Ruins Your Business

Too many consumers have awoken one morning to find messages from a retailer or their bank detailing purchases made through their account of which they were unaware. While the realization that they...

Read More

Understanding the Impact of AI on Data Privacy

The world is just beginning to understand how the intersection of artificial intelligence (AI) and data privacy will impact organizations, their employees, and those who use their services. As of...

Read More