Our CEO, Deepak Kumar Nath, highlighted the importance of cybersecurity in the travel and tourism industry at the 5th Odisha Tourism Conclave 2023, organized by HRAO. He says, “With the travel and tourism sector rapidly adopting new technologies to improve products, services, and customer experiences, their cyber systems have become more vulnerable to security risks. The sector’s large financial transactions and valuable customer data make it an attractive target for cyber attackers.”
Deepak Kumar Nath specifies, “At Threatsys, we have successfully undertaken multiple cyber security projects for the tourism industry in Odisha, including OTDC and Odisha Tourism. With the remarkable expansion of the tourism industry in Odisha, particularly through the visionary leadership of our esteemed Chief Minister, Shri Naveen Patnaik, the successful execution of major events such as the Hockey World Cup and Odisha Conclave in the state have been noteworthy accomplishments. As a result, it is crucial that we place a high priority on safeguarding the confidential customer information stored in hotels. This data includes Aadhaar card and KYC details of international tourists, and without proper security measures in place, there is a risk of illegal data misuse, contravening GDPR Compliance.”
During the discussion with the other panelists, namely Smt Anila Anand, from CID Cyber Crime; Shri Debasis Kumar, HRAO, Director, Victoria Hotel; Shri Rabi Sahoo, HRAO Member; and Shri Harman Pal Singh, MD, Hotel Pal Heights, Deepak Kumar Nath highlighted the cyber-attacks that have affected major travel brands such as Uber, InterContinental Hotels Group, and Marriott International, which emphasize the urgent need for robust cyber security measures in the tourism sector.
Deepak Kumar Nath posed a series of thought-provoking inquiries to the delegates and attendees, focusing on hypothetical scenarios involving various types of security breaches. He asked how they would manage if their reservation software were hacked, how they would handle the loss if someone created a fake hotel website and ran a Google ad to lure in customers, and what their plan of action would be in the event of a ransomware attack. Additionally, he asked how they would assist investigators in solving a case if an outsider guest used fraudulent documents and committed illegal activities via the hotel’s WiFi. These questions left a lasting impact on all those present.
Vulnerabilities could be anything from a simple password that has not been changed from the default one that was set when the system was installed, to a full-blown back door into your network (which is why it’s important to use Penetration Testing and not just vulnerability scanning).
He specified, “The tourism industry is a prime target for cyber-attacks, with several types that require heightened awareness among tourism companies, businesses, and individuals who use them. Here are some of the most common cyber-attacks that can be encountered in the tourism industry:
Phishing Attacks:
Phishing attacks involve sending or receiving emails that appear to be from a legitimate source. The aim is to convince the recipient to share sensitive information, such as passwords and financial details. These scams have become increasingly sophisticated, with attackers targeting those in authority to take over their email accounts and send bogus emails to colleagues. These emails may request the authorization of fraudulent transactions.
Ransomware:
Ransomware attacks are designed to take information and certain systems hostage, with the aim of demanding a ransom from the affected parties to regain access. Hotels are at high risk of such attacks, with some having paid more than $17,000 to be able to let guests into their rooms and create electronic keys.
Distributed Denial of Service (DDoS) Attacks
DDoS attacks are a form of hack that targets the various systems used by hotels. Regular items such as sprinkler systems and security cameras are vulnerable to hijack, after which entire computer systems can be brought down. It is essential for hotels to have a process in place to mitigate compromised systems in the event of a DDoS attack.
Point of Sale/Payment Card Attacks
Point-of-sale attacks target vendors rather than hotels themselves, exploiting vulnerabilities in the system caused by human error. These attacks can result in customers being out of pocket and negative publicity for the hotel.
DarkHotel Hacking
DarkHotel hacking sees criminals use a hotel’s Wi-Fi to target business guests by uploading malicious code to a hotel server and using forged digital certificates to convince victims that a software download is safe. It is recommended that guests use virtual private networks (VPN) to conduct business with sensitive data.
How to protect yourself from falling victim in 2023
Start the New Year off on the right foot by educating yourself on the best practices to keep your company secure. Three areas of education, compliance, and best practices to implement include:
PCI DSS Compliance
PCI DSS is a set of requirements and standards that any company that processes, stores, or transmits debit or credit card data must implement. The stated requirements will ensure your company maintains a secure payment environment. International Air Transport Association (IATA) requires its registered agents to comply with the Payment Card Industry Data Security Standards. We empower members of the Tourism industry in acquiring the AOC by completing the PCI Self-Assessment Questionnaire (SAQ). Each vendor in the Tourism industry has a different environment for accepting and processing customer payment data.
Penetration testing for all Hotels and their infrastructure:
Penetration testing is a preventative and proactive approach to tackling cybercrime. A pen test systematically probes for and identifies weaknesses and vulnerabilities in your network infrastructure and application software. Real-world hacking techniques are simulated to determine where and how you can prevent attacks before you fall victim to one.
ISO 27001 and General Cyber Security Audit:
ISO 27001 is the International Organization for Standardization’s standard for information security. It sets out the specifications that your information security management systems should adhere to. It is essential to ensure that your organization’s security measures are foolproof by verifying the security of your firewall, management processes, wireless networks, and systems. Without adequate security measures in place, your travel and tourism organization will remain vulnerable to hacking attacks.”
About Threatsys Technologies Private Limited
Threatsys Technologies Private Limited is the leading and trusted cyber security Consulting Partner that specializes in securing the IT infrastructure and assets of the leading enterprises globally. Threatsys has distinguished itself by creating a specialized product, CYQER, Cyber yield Quantification for Enterprise and Reporting.
CYQER is capable of identifying and monitoring threats with high-value solutions that bring data visibility from any systems, servers, networks and cloud, and it combines threat intelligence overlays, behavioural monitoring, SOAR, FIM and a comprehensive SIEM solution. CYQER provides security operations centre (SOC) services to help organizations build their strongest defence against cybercrime and maximize return on investment.
Our VAPT scan helps the travel and tourism industry by analyzing the entire hotel booking application and its underlying infrastructure, including all network devices, management systems, and other components. It’s a deep analysis that helps you find security weaknesses so that you can fix them before a hacker attacks.
Our VAPT scans are a one-stop solution for all your security needs. Check out some of the features of getting your VAPT done by us:
- Automated and Manual Scanning
- 3000+ tests to keep your infrastructure secure from hackers.
- Easy, accessible reports that you can interpret at a glance with the dashboard.
- Get detailed steps on bug fixing tailored to your issues and know exactly how to reproduce vulnerabilities with screenshots.
- For each vulnerability, Threatsys provides an intelligently calculated risk score.
- You get a CERT-In verifiable VAPT certificate from us.