
Cyberattacks are expected to grow 15% year-over-year according to data from the World Travel & Tourism Council. In this context, one of the great concerns of IT teams and company managers is to have a robust cyber-resilience strategy capable of guaranteeing business continuity in the face of a cyber attack.

This cyber resilience is even more necessary in companies that handle sensitive customer data that is especially attractive to cybercriminals, such as the banking or hotel sectors.

Do you want to know what it implies and how to successfully implement a strategy of this type in your business? Keep reading.

What is cyber resilience? 

Cyber resilience is an increasingly important concept in the world of technology and information security. It refers to an organization's ability to resist, recover from, and adapt to cyber threats and other adverse events. In other words, it's about an organization's ability to stay operational in the event of a cyberattack.

Among its advantages are:

  • Mitigating the economic impact caused by the interruption of the company's usual activity, by providing an adequate defensive response that minimizes the scope of the attack.
  • Increasing the company's competitive advantage over competitors that lack a cyber-resilience strategy, by guaranteeing the continuity of its services and improving its reputation.
  • Improving corporate risk management, with a high capacity to patch vulnerabilities and face eventualities.


What is the context of cyber resilience in the tourism sector?

The tourism sector has increased its security breaches by 67% in recent years, according to the Microsoft study “Codes to Resilience”. 

This increase is mainly driven by the great technological growth of recent years, the lack of investment in cybersecurity, and the fact that most companies operate in several countries and are therefore subject to different laws and regulations in this area.

In this context, who are the owners of the tourism sector in terms of cyber resilience?

Cyberattacks target both large and small and medium-sized tourism companies

While cyberattacks on large businesses are the order of the day, research shows that small and medium-sized businesses are just as vulnerable and, in fact, more likely to be unable to sustain business in the event of an attack. 

In Europe, 72% of SMEs report having suffered at least one cyberattack, and 60% of them are forced to close within 6 months of the attack.

With approximately 80% of all companies in the sector being SMEs, there is no doubt that mitigating cyber risk should be a priority for the sector.

Vulnerabilities grow

Cybercriminals seek to exploit any possible area of vulnerability, from the most obvious, such as payments, to the least expected, such as customer loyalty programs. Contrary to what it may seem, the latter are especially interesting because of the amount of sensitive data they contain. That is why it is advisable to protect them as part of the broader ecosystem of the business.


The financial costs of a cyber attack are increasing

The financial cost of cybercrime has increased by leaps and bounds year after year to become a worrisome risk that requires special attention. In fact, according to IBM, the average cost of a data breach in 2022 was the highest in history, amounting to 4.35 million, which is 2.6% more than in 2021 and 12.7% more than in 2020. The progression is shocking.

The reputational cost

Most customers assume and expect the privacy of their data, even if the company does not offer explicit security measures. This trust placed in tour providers carries with it the great responsibility of keeping that information secure. Failing to do so creates a negative perception among users that ends in losses.


How to prevent cyberattacks in hotels?

If we zoom in on cyber-resilience in hotels, there are several areas of vulnerability that should be covered to guarantee the security of guest data. The main courses of action include:

 

1. Securing identities

More and more guest identity data is collected with the aim of improving efficiency and personalization in accommodations. The variety of identity verification methods is also increasing, with systems as sensitive as biometrics now commonplace.

As the ways of confirming identity have diversified, the opportunities for criminals to access this information have also grown, making it more necessary than ever to have protective barriers that prevent unwanted intrusions, such as two-factor authentication.

2. Invest in specialized cybersecurity training in hotels

Hotel staff training is essential. Many cyberattacks, such as DarkHotel or CEO fraud, among others, have a long history in the hotel sector and are increasingly difficult to identify and prevent.


3. Protect IT and OT systems

The hot spots in terms of vulnerability of infrastructures and systems are undoubtedly IoT, Wi-Fi, data integration, PMS and loyalty programs.

Regarding the first, IoT devices are expected to exceed 75,000 million in 2025, which represents an increase of more than 900% in just 7 years.

The hotel sector, with its smart rooms, interactive stations and hotspots, is no stranger to this trend. Securing this type of infrastructure has become a major challenge for establishments.

Additionally, we cannot forget that it is a globalized sector that requires cyber security in transport systems and, even more critically, in access to the WiFi network, one of the main demands of guests.

4. Privacy, critical infrastructure and supply chain legislation

There is no global legislation on cyber security, so the laws apply at the regional and national level. However, the European Union has tried to guarantee a high common level of cybersecurity throughout the Union with the recent Directive (EU) 2022/2555, dedicated exclusively to this issue. 

For its part, Spain has the Cybersecurity Law Code, a regulatory compendium where you can find all the updated regulations on this matter. 

Legislation advances slowly, which is why the concept of accountability or the ability to go one step beyond the regulations in order to respond to current threats and anticipate future ones is important. 

Good practices in a cyber resilience strategy

There are a series of good practices that strengthen a cyber-resilience strategy. In general, it is about carrying out proper risk management and performing regular vulnerability assessments to detect potential threats. In addition, clear and effective security policies must be implemented and all staff must be trained in secure IT practices.

It is also important to have a contingency plan in the event of a cyberattack, including an emergency response protocol and a strategy to recover lost or compromised data. Incident management is equally essential to ensure that the business can maintain its operations in the event of an adverse event.

As you can see, cyber resilience is essential for effective risk management in the tourism sector today, and ignoring it can have devastating consequences for your reputation and business continuity. Therefore, it is advisable to have a specialized hotel security provider such as Cerium to accompany you in the design and implementation of the most suitable cybersecurity strategy for you.