Cyber attacks on hospitality businesses are becoming more common as criminals move away from targeting large corporations towards the low-hanging fruit of relatively unprotected SMEs. IT support specialist James Carson discusses the online challenges for the sector
The world we live in has changed significantly in the past five years and long gone are the days when the local anti-virus software running on your PC provided adequate protection. If you think about how much more we use our computers to transmit financial information compared to five years ago, it is not surprising that network attacks and security breaches have become a huge industry.
It is no longer only the large organisations being targeted, the threat to small and medium-sized businesses (SMEs) is growing rapidly. The increase in targeted attacks on SMEs has grown from 18% in 2011 to 41% in 2013. This is because the cost to breach an SME is far smaller than that of a large company: small enough to warrant the small return gained. Moreover, the focus on security by SMEs up to now has been lacking, despite the fact they are now 15 times more likely to be breached in an attack than larger firms.
It’s easy to see why now, more than ever, SMEs are being targeted. It’s not the large corporations, who invest millions in IT security every year to protect themselves, but the SMEs, who are most at risk. To the attackers these businesses are the easy pickings. Hospitality is one industry that fits into this classification perfectly, and it’s of no surprise.
Until recently, the need for IT systems was important but not critical to the hospitality industry. Its dependence on IT infrastructure was minimal as payments systems were hard wired, and tills and desktops were working locally with little dependency on live data to run the business. Now the sector requires live systems directly linked into live networks; from taking payment on a Wi-Fi PDQ to ordering new stock, almost every business-critical task depends on connectivity to the internet.
As this shift in IT dependence occurred, little thought was given to the security of hospitality infrastructure or consideration on the implications it would have – this implication being increased exposure to attacks and breaches. While you may not be aware of it yet, you are being targeted and there are measures that should be taken.
The days a computer hacker was simply a security specialist who studied computer science, and was hacking your system for the challenge, have long gone. Phishing, key loggers, malvertising and social engineering are all used to gain entry through your security systems and it is now a huge industry. These skills are sold online on the black market making the process to infect systems and gain access to data cheaper and simpler than ever. This is illustrated in the press every day; ransomware attacks are now a commonplace news story.
As risks have grown, so too have the layers of complexity. How many third-party suppliers now have access to your networks? How many third-party systems such as till systems, music systems and CCTV share your corporate networks? In hospitality, we often find so many back doors have been left open that it is far too easy for an attacker to waltz through and steal your data – or worse.
The need for more confidential data online, more complex systems and more online financial transactions can lead to more security breaches than ever. It’s a formula for disaster.
■ James Carson is MD of IT specialist Support Tree, which is hosting a peer group workshop on 18 November in London to discuss how the hospitality industry is handling the challenge of online security. To find out more about the event, email james@supporttree.co.uk
