With extensive experience at some of the world’s largest cybersecurity firms, Tracey Moon is an accomplished industry leader and is well versed in the tactics and motivations of the cybercriminal underworld. We spent some time with her to understand more about how cybercrime is affecting the hospitality sector, and how businesses can protect themselves from a breach.

Why might a cybercriminal target the hospitality sector?

Any sector with a business model that relies heavily on personalising the customer experience must collect and store massive amounts of customer data. That customer data is a highly prized target for cybercriminals because they can use it for identity theft, financial fraud, holding it to ransom, and any number of other uses for their financial gain. During the last several years, the hospitality sector has seen increasing attack activity due to its reliance on interconnected systems such as unsecured public WiFi for guests and the increased use of devices for hotel door locks and other uses, growing the attack surface through IoT (Internet of Things).

Do they target only big businesses or are independent businesses at risk?

When it comes to cybercrime, everyone is at risk. However, cybercriminals are going to spend the majority of their effort on the large prize, which would be larger businesses. It takes time for them to gain access and collect enough data for a major ransomware breach, but they are patient and methodical – often working for several years before they achieve the big score.

It is important to note that even though a large company is a prize target, the independent businesses, vendors and contractors that are small and mid-size are often targets because they are part of a large business's supply chain. Threat actors target every area of the supply chain because they may be able to gain access to the big company's systems through a smaller company's login or other access point.

Are cybercriminals living locally, do they know the business they are targeting?

This is a great question! While it is difficult for researchers to pinpoint exactly how many cybercriminals are local, it is reported that it is more common for small businesses to be the victims of local cybercriminals. Locals have easier access to information about the business and its employees. Smaller businesses are less likely to prioritise cyber security, and with their local knowledge, criminals find it easier to use social engineering tactics (phishing and phone calls). Additionally, small businesses are more likely to experience attacks from inside, since employees often have access to sensitive data.

How can smaller businesses protect themselves against an attack?

There are many places, especially government agencies, that update and educate small businesses on what should be done to develop a robust cyber security strategy. The most important step is to train your employees on cyber security and why you need to implement certain policies. The majority of breaches are due to human error, so this point cannot be overstated. If employees understand the risks and are educated well, they can help prevent attacks.

In addition to training, businesses should make sure all software is properly configured and updated, use a firewall to protect the network and monitor it closely, create a mobile device action plan, regularly back up systems and data, physically protect access to all computers, implement a strong password and authentication policy, and secure all WiFi networks. You will sometimes hear employees complain about having to authenticate access to systems or witness them becoming lax about physical security, but you must stand firm! Relaxed practices are what a cybercriminal is waiting for, and they will take advantage of them.

What should a business do if they find they have been a victim?

The actions you take if you have been a victim will depend on the nature of the breach and the type of business. If you are breached and your team is not equipped to handle the incident themselves, there are many incident response experts out there to call and seek help – so make sure you know who to call should the worst happen.

The first thing to do is to isolate the affected network while you contact an expert for help. To do this, you can simply take the network offline at the switch or even disconnect the ethernet cables. The next step is to alert employees and manually take all devices off the WiFi, including work phones, any personal phones employees have connected to the WiFi, all laptops and all other devices.

Once you have isolated the problem, you should then evaluate the impact to business partners, customers, and any other affected parties. You need to develop a communications plan and tell them what happened, if they were impacted, and what is being done. You should also inform the authorities.