Wake-up call for cybersecurity in hospitality, ET HospitalityWorld | #hacking | #cybersecurity | #infosec | #comptia | #pentest | #ransomware

In a period dominated by digital transformation, the hospitality industry has embraced technology to enhance customer experiences and streamline operations. However, the increasing reliance on interconnected systems has also exposed the industry to a rising threat – cybersecurity breaches. With the hospitality sector becoming a prime target for cybercriminals, ransom demands and data breaches have emerged as a significant concern, demanding urgent attention to fortify cybersecurity measures.

Rising incidents of cyber breaches

The hospitality industry has sensitive information, including customer details, payment information, and proprietary business data. This makes it an attractive target for cybercriminals seeking to exploit vulnerabilities in digital infrastructure. The rise of sophisticated cyber-attacks, such as ransomware, has added a new layer of complexity to the security challenges faced by hotels, resorts, and other hospitality establishments. One of the most prominent recent incidents highlighting the cybersecurity vulnerabilities in the sector is the data breach at the renowned Taj Hotels. The incident not only disrupted operations but also raised concerns about the industry’s overall preparedness to tackle such threats.

According to The Indian Accommodation Barometer 2023 report, only 3 percent hotels are using Artificial Intelligence (AI), and around 70 percent of the industry does not prioritise investments in AI. These statistics indicate a significant gap in the adoption of AI-driven cybersecurity measures.

Long-term consequences of neglecting cybersecurity

The consequences of neglecting cybersecurity in the sector extend far beyond the immediate financial losses incurred through ransom payments. A data breach can irreparably damage a hotel’s reputation, eroding customer trust and loyalty. With the hospitality industry heavily reliant on positive brand perception, such incidents can have long-term ramifications, affecting revenue, customer acquisition, and market standing. Moreover, the interconnected nature of the industry also means that a cybersecurity breach in one establishment can have a cascading effect on others within the ecosystem.

Regulatory measures

Regulatory bodies are increasingly stringent regarding data protection, and hotels failing to meet compliance standards may face hefty fines and legal consequences. According to the Digital Personal Data Protection (DPDP) Act, businesses acting as data fiduciaries may face penalties of up to INR 250 crore for each occurrence of a data breach. Furthermore, in the case of major breaches, a maximum penalty of INR 500 crore is stipulated by the Act.

Keys to cyber safety: Best practices for Hospitality resilience

In light of the growing threats, it is imperative for hotels to prioritise and invest in comprehensive cybersecurity measures. Take a look at some of the best strategies and practices:

Comprehensive risk assessment: The sector should conduct a thorough assessment of cybersecurity risks specific to their hotel’s operations. This includes identifying potential vulnerabilities in networks, systems, and applications and implementing continuous monitoring tools to detect and respond to potential threats in real-time They must also stay informed about the latest cybersecurity threats and trends through threat intelligence sources to proactively adapt security measures.

Prioritise cybersecurity investments: It is paramount for the hospitality industry to prioritise significant investments in various aspects of cyber infrastructure, encompassing state-of-the-art tools and technologies to proactively address potential risks. Additionally, substantial investments should be directed towards comprehensive cybersecurity training, ensuring that the workforce possesses the necessary knowledge and skills to navigate the complexities of evolving cyber threats within the hospitality landscape.

To achieve this, the industry should explore collaborations with professional ICT companies, leveraging their specialised expertise in data protection. These companies can offer tailored digital infrastructure solutions, including smart surveillance, client computing, and security solutions designed specifically for the hospitality sector. This in turn enables hotels to leverage advanced technologies, such as smart room systems, contactless check-ins, and data analytics for personalised guest experiences. By entrusting cybersecurity responsibilities to experienced firms, hotels can benefit from cutting-edge technologies, industry best practices, and dedicated cybersecurity professionals.

Regular software updates and Patch management: One must keep all softwares, including operating systems and applications, up to date with the latest security patches. Regularly update and patch systems to address known vulnerabilities and protect against potential exploits. Also, back up critical data and ensure that backup procedures are tested and effective. In the event of a ransomware attack or data loss, having reliable backup systems can mitigate the impact and facilitate a faster recovery.

Network security: Utilise firewalls, intrusion detection/prevention systems, and secure Wi-Fi networks to protect against unauthorised access. Regularly monitor network traffic for anomalies and potential security breaches. Furthermore, implement encryption protocols to protect sensitive data, both in transit and at rest. This includes encrypting customer information, financial transactions, and any other critical data stored within the hotel’s systems.

Incident response planning: Develop and regularly update an incident response plan that outlines the steps to be taken in the event of a cybersecurity incident. This plan should include communication strategies, roles and responsibilities, and coordination with external cybersecurity experts if necessary.

Overall, the adoption of technology in the hospitality industry brings undeniable benefits, but it also exposes it to cyber threats that can have far-reaching consequences. Ransom demands and data breaches should serve as a wake-up call for the industry to prioritise and invest in cybersecurity as it forms an integral part of the industry’s operations. By implementing robust security measures, fostering a cybersecurity-aware culture, and staying abreast of emerging threats, the hospitality sector can build resilience against cyber-attacks, preserving the goodwill and trust of both, guests and stakeholders.

Pinkesh Kotecha, managing director and chairman, Ishan Technologies

  • Published On Dec 20, 2023 at 01:00 PM IST

Join the community of 2M+ industry professionals

Subscribe to our newsletter to get latest insights & analysis.

Download ETHospitalityWorld App

  • Get Realtime updates
  • Save your favourite articles

Scan to download App


Click Here For The Original Source.

National Cyber Security