Capturing the State of Security in the Hospitality Sector Amid COVID-19 Crisis

The impact of COVID-19 has turned the operations of the hospitality sector upside down. Not only is the sector struggling to recover from the huge economic crisis, but the attacks from state-sponsored attackers and organized cybercriminal groups have added additional worries.

Ransomware attackers continue to wreak havoc

For a ransomware gang, it hardly matters whether an organization is big or small. They attack firms in a bid to disrupt their critical infrastructure and steal sensitive data.
  • The world’s largest cruise operator, Carnival Corporation, suffered a ransomware attack on August 15, resulting in the loss of its customer data. In a press statement, it revealed that the attackers stole certain data files and encrypted a portion of the IT systems following the attack.
  • The maker of Jack Daniel’s, Brown-Forman, fell victim to REvil ransomware attackers who stole around 1TB of data from the firm. To put pressure on the firm, the gang further threatened to release the stolen files on their website if the ransom demand was not fulfilled.
  • The U.S. travel management firm, CWT, paid a whopping $4.5 million in ransom to Ragnar Locker ransomware attackers to restore their 30,000 infected computers.
  • The supply operations at Australia’s largest beverage giant, Lion, was disrupted after it was hit in a ransomware attack. The incident had caused a system outage.
  • DraftKings disclosed that its online gambling technology provider SBTech was hit by ransomware at the end of March 2020. The interruptions in its customer operations forced SBTech to compensate its customers for the downtime.

Other discerning factors

  • The Ritz Hotel in London lost some of its customers’ personal data after scammers posing as staff members phoned the victims and collected information about their bookings, including their payment card details.
  • Operators at some of the Ontario-based ‘The Beer Store’ outlets were forced to use pen and paper following an attack on its Point-of-Sale (PoS) systems.

A look at the state of security

The hospitality sector has and will continue to be a popular target for cyberattacks. In the last year alone, security breaches at Marriott and British Airways stood out to be two of the biggest cyber incidents in history. According to IBM's 2019 Cost of a Data Breach Report, the average cost of a data breach in the hospitality industry stood at $1.99 million.

Moreover, Verizon’s 2019 Data Breach Investigations Report has cited PoS devices as the most heavily targeted aspect of hospitality infrastructure. Apart from this, the dependency on third-party ecosystems such as partners, suppliers, and technology providers makes it quite difficult to protect the hospitality industry from cyber threats.