The hospitality industry, like others, has had to reinvent itself since the start of the pandemic. Businesses have been pushed towards a model where a key point of contact with consumers is online, and these changes have resulted in the development of new websites and mobile apps, increased digital content and greater online traffic. However, with this increased presence comes increased exposure to cyber risk.
Cyberattacks are not limited to certain times, operating environments or locations. The hospitality industry is particularly vulnerable due to the various software or brand partner networks required, the influx of customers who could be the attackers, high staff turnover, and the multitude of vendors needed to run your operation. According to the 2022 Allianz Risk Barometer, an annual report identifying key business risks for the next 12 months and beyond, cyber incidents top the barometer for only the second time in the history of the survey, with business interruption (BI) falling to a close second.
As the cost of recovering from a data breach continues to rise each year, it’s not hard to recognize the financial benefits of protecting a business from cyber risk by properly training staff and applying up-to-date cybersecurity best practices. When responding to concerns about your operation’s online security, the first step is to recognize the existing cybersecurity risks that expose an organization to malicious attacks from a hacker. Some of the most common cyber risks and threats to businesses are:
Malware is malicious software that cybercriminals insert into a company’s web pages or web files after gaining access to the company’s site. Malicious actors then use malware to steal sensitive corporate data, including customers’ personal information. Malware can also redirect a company’s web pages to other sites and insert pop-up advertisements on a company’s website. Viruses, Trojans, ransomware, and spyware are common examples of malware.
Recent malware attacks have exfiltrated data en masse. Malware removal requires constant network scanning so hackers can be identified quickly and malware removed from the corporate network.
Ransomware is malicious software that accesses sensitive information within a system, encrypts the information so the user cannot access it, and then demands financial payment for the data before it is released. The first stage of a ransomware attack is infection, which occurs when a user visits a website with compromised security. Ransomware is usually part of a phishing scam; by clicking on a disguised link, the user downloads the ransomware. Ransomware infections are specifically targeted at users with higher permission levels, such as administrators, to inject malicious code.
Once the code has been delivered and executed on a system, either locker ransomware locks users out of a system or crypto ransomware encrypts data using advanced mathematical encryption keys. In almost all cases, the user or owner of a targeted system will receive instructions on how to regain access. A ransom is clearly presented, along with the preferred denomination and method of payment, and sometimes a payment deadline.
Phishing is a cybercrime in which a target is contacted via email, phone, or text message by someone posing as a legitimate institution to trick individuals into providing sensitive data such as personally identifiable information, bank and credit card details and passwords. The phished information is then used to gain access to important accounts and can lead to identity and financial information theft. Other forms of phishing include vishing or voice phishing, smishing or text phishing, and whaling or email allegedly sent by one of a company’s senior officials.
A data breach exposes confidential, sensitive, or protected information to an unauthorized person who then views or shares the files without permission. Individuals, businesses and governments can be at risk of a data breach and put others at risk if they are not protected. Data breaches most often occur due to weaknesses in technology or user behavior and are not always caused by an outside hacker.
Serious damage is possible if a hacker steals and sells personally identifiable information or corporate intellectual data for profit or to cause harm. Common vulnerabilities targeted in data breaches include weak and stolen credentials, compromised assets, payment card fraud, third-party access, and use of personal mobile devices in the workplace.
Best practices to avoid a data breach include patching and updating software, high-level encryption for sensitive data, upgrading devices when a manufacturer no longer supports software, enforcing “bring your own device” security policies, enforcing strong credentials and multi-factor authentication, and educating employees on security best practices and ways to avoid social engineering attacks.
Working with a knowledgeable insurance specialist who understands these emerging risks and compliance exposures and who negotiates coverage tailored to your needs is essential to gaining protection and avoiding further disruption to your business.