The following is a guest post from Pam Lindemoen, chief security officer for the Retail & Hospitality Information Sharing and Analysis Center. Opinions are the author’s own.
Summertime is a busy season for everyone — including cybercriminals. As hotels, airlines and resorts get ready to welcome vacation crowds, hackers are preparing to launch even wider cyberattacks.
Increased travel may be good for business, but it’s also good for cybercriminals. Increased tourism means more customers, more financial transactions and more data flowing for hackers to intercept, steal and lock down for ransomware attacks. Meanwhile, the extra-busy season also means IT infrastructures are under strain, increasing the likelihood of overlooked vulnerabilities. Plus, IT teams are out of the office on their own summer vacations, leaving hotels’ and airlines’ networks vulnerable to foul play.
So what can the hospitality industry do to protect its systems from increased attacks?
Cyberthreats to watch for
Summer may bring a spike in cyberattacks, but the threat is nothing new. For years, the hospitality industry has been a prime target because of the sheer volume of personal data it handles — names, addresses, credit card details and even passport numbers. Each breach gives hackers access to valuable information they can sell on the dark web, sometimes for millions. It’s no surprise, then, that travel and tourism now ranks third among all industries for reported cyber incidents, according to a Thematic Intelligence report.
To keep your organization safe, you can take steps now to prepare defenses against bad actors’ most common techniques: phishing, ransomware and credential stuffing.
Phishing attacks occur when bad actors pose as trusted sources — often managers or IT teams — to trick users into clicking malicious links, sharing login credentials or authorizing fraudulent payments.
For example, a hacker might impersonate a hotel’s IT support team, emailing the front desk about an “urgent security alert.” The phony email might persuade staff to confirm usernames and passwords or grant access to the so-called “IT support team” so they can “fix” the security issue. Unwittingly, that employee gives the hacker full access to the hotel’s network, where they can steal data, deploy malware or otherwise disrupt operations.
Another common tactic is sending bogus invoices that automatically activate malware when opened. Bad actors can also target hotels’ guests by sending fake booking confirmations, check-in links or travel updates that request additional payments or login credentials, tricking guests into handing over their money, data or both.
Ransomware, meanwhile, locks down systems, making them unavailable until the owner makes a payment. During busy seasons, most hotels can’t afford operational downtime, so when hackers demand ransom payments in exchange for restored access, hotels are in a difficult position.
But money isn’t the only asset at risk if your organization is hit by a ransomware attack. Reputational damage and loss of customer trust can be hard to quantify, but they’re even harder to win back after a publicized data breach.
Additionally, there is credential stuffing, an automated attack in which hackers employ bots along with previously obtained login credentials to access accounts on other platforms. The cybercriminals may have bought these usernames and passwords on the dark web or stolen them in another data breach. The bots allow hackers to automatically “stuff” these credentials into login portals to try to gain access to customers’ accounts, after which they can make fake purchases, redeem loyalty points or steal even more sensitive data.
Beating the hackers
Phishing attacks, ransomware and credential stuffing are, unfortunately, just the tip of the iceberg. There’s a lot more hackers can do to compromise an organization’s network, halt operations and steal customers’ and employees’ data, leaving the company with revenue loss, reputation damage and potential legal consequences.
Even for large-scale, experienced cybersecurity teams, there’s simply too much cyber activity to stay on top of all at once. That’s why more hospitality organizations are turning to industry collaboration to fortify cyber defenses.
By joining forces with other hospitality organizations, a company can level up its cybersecurity defenses without dramatically increasing the budget. Through working with industry peers to share cyber intelligence, exchange best practices, benchmark against each other and work on common challenges, companies can build better, comprehensive security.
For example, intelligence-sharing enables faster threat detection, providing companies with early warnings about phishing campaigns, ransomware activity and the like. This allows companies to take a proactive, informed approach to cybersecurity defense.
Collaboration also reduces the time it takes to understand attacker tactics, techniques and procedures, enabling companies to respond to cyber incidents more quickly for reduced downtime and minimized damage.
Joining industry initiatives, meanwhile, gives companies real-time access to community-sourced playbooks and real-world case studies, helping to create an internal cyber culture of continuous learning and improvement.
For hotels and travel industry businesses, the summer season means more tourists and more bookings, but it also means more cybersecurity risks. Joining collaborative industry initiatives and participating in threat intelligence-sharing can give you the leg up you need to stop hackers in their tracks.