Social engineering, AI advancements, and new tech streaming devices are among the top hospitality trends that have made hotels more susceptible than ever to cyberattacks, according to industry insiders. Nevertheless, hotel companies have dramatically increased their focus, as well as their investment, to fight back aggressively against cybercrime.
LODGING recently interviewed a pair of prominent third-party management executives, as well as a major brand representative, to get their outlook on the current state of cybersecurity within hotels. Paul Bushman, senior vice president of technology & enterprise solutions, Crescent Hotels & Resorts; Keryn McNamara, chief information officer, Aimbridge Hospitality; and Jason Stead, chief information security officer, Choice Hotels International, offered their insights on the topic. The following Q&A represents a portion of those interviews.
LODGING: What are some of the top concerns for your company’s hotels around cybersecurity, and how are you working to alleviate them?
Paul Bushman: Many concerns include but are not limited to ransomware, phishing (email and voice), DDOS attacks, hacks (network), PMS, POS, and other systems, and the advancement of AI to conduct sophisticated attacks and hacks. Additionally, social engineering is at the very top of the list of concerns. According to many reports, as much as 98 percent of cyberattacks involve some type of social engineering. As much as 90 percent of data breaches target people to gain access to sensitive information and personally identifiable information (PII) that can be used for the financial gain of the attacker and other malicious intentions.
Training is the key to prevention. People need to know what to look for and what to do when they find themselves in these situations. It is not an IT system that is going to give a bad actor access to personal and company information; it is the human that is going to unlock and open the door.
Keryn McNamara: For our hotel owners, top concerns are always about the security, safety, and privacy of their guests, including their information. Ensuring we protect that information—along with hotel owners’ financial and technology operations and systems—is paramount to our cybersecurity management program.
At Aimbridge, cybersecurity remains a constant priority. We are dedicated to staying ahead of potential threats by implementing advanced security measures and continuously monitoring for vulnerabilities, emerging threats, and changes in the tactics, techniques, and procedures that are used by threat actors targeting hospitality. Our cybersecurity strategy includes top-tier tools and technologies, as well as strong partnerships with the brand’s cybersecurity teams, with industry leaders, and with government entities and law enforcement to ensure our guests’ data remains secure and our properties are protected.
Jason Stead: The lodging industry has been very highly targeted over the years. It kind of ebbs and flows, but it’s definitely at the forefront these days for the hackers. It’s a little bit like a shark where they smell blood in the water and so unfortunately, when the hackers have success in one area that success brings others as well.