
    4 June 2024

    Cybersecurity: The Top Threats To Look Out For



    The issue of cybersecurity attacks is not a new phenomenon. Cyber threats have been prevalent since the inception of the internet, but in recent years, their frequency and severity have grown significantly. The projected global costs of cybercrime are expected to skyrocket to $10.5 trillion by 2025, a sharp increase from the $3 trillion recorded in 2015. As a result, it is imperative for businesses to enhance their security measures to combat the ever-evolving landscape of cyber threats.


    Cybercrime can have a significant impact on various sectors and industries, with the travel and tourism sector being particularly vulnerable. The vast amount of secure and personal data handled by the travel and hospitality industry makes it a prime target for cyber attacks. Therefore, it is crucial for travel providers to prioritise cybersecurity measures to safeguard sensitive information and protect both their businesses and their customers. 


    As the digital ecosystems of the travel and tourism industry continue to expand, they will also become increasingly susceptible to cybercrimes. It is crucial for companies within the travel and tourism chain to prioritise cybersecurity awareness, strategies, and safeguarding in order to ensure the utmost security of their data.


    Why is the travel industry susceptible to cybercrime?

    As a global industry with many – literal – moving parts, the travel industry is often targeted by cybercriminals. Analysis of data breaches and cyberattacks has identified numerous reasons for this, such as:


    • The industry’s huge fragmentation
    • The complexity of the travel booking and payment networks/platforms
    • The existence of many travel agents and third-party service providers
    • Poor security systems when it comes to IT and point-of-sale (POS)
    • Human error
    • The millions of travellers all interacting with travel providers within cyberspace 


    How can travel businesses mitigate cyber-attacks?

    Human error was identified as one of the biggest threats to cybersecurity in 2023, so many common cyberthreats may be avoidable with the right education.


    It’s estimated that, by 2025, around 99% of data breaches will be caused by a misconfiguration within settings or installation by an end user. So, this suggests that with proper education, and a thorough cybersecurity strategy, travel providers will be able to mitigate the impact and severity of many common cyberthreats.


    What a good cybersecurity strategy should involve:

    • Contingency planning
    • Immediate actions outlined – for varying types of breach or attack once discovered
    • Post-breach responses  
    • An understanding of current cyber risks


    Here is where consolidating your tools and resources, and leveraging third-party expertise to manage complexities and augment capabilities can give you a leg-up when it comes to protection against those more common threats. 


    As cyberattacks continue to evolve and grow more sophisticated, it is clear that implementing frequent company-wide training can be an effective strategy in mitigating the risks associated with data breaches. The alarming statistics on data breaches underscore the importance of staying updated on the latest threats and taking proactive measures to safeguard sensitive information.


    But for now, let’s look at some of the most common cybersecurity threats and what shape they take, to help you as travel providers improve your awareness.


    Social Engineering

    Social engineering is widely recognized as one of the most common and hazardous tactics used by cybercriminals. This is mainly due to the fact that social engineering, in its many forms, exploits human mistakes rather than technical weaknesses. It is much simpler to deceive or influence individuals than it is to penetrate a security system, and it is apparent that cybercriminals are well aware of this fact. Research indicates that over 85% of all data breaches stem from human interaction or error.


    Throughout the year 2023, social engineering techniques played a crucial role in cybercriminals gaining access to employee data and credentials for the purpose of carrying out cyberattacks. Among these techniques, phishing stands out as a leading cause of data breaches, with more than 75% of targeted attacks originating from deceptive emails. It is important to note that these tactics are continuously adapting to leverage emerging trends and technologies in order to stay ahead of security measures.


    What can phishing attacks look like?

    • Spear phishing – this targets specific individuals or organisations, hence the term ‘spear’, most typically using malicious emails. The goal of these emails is to obtain sensitive data such as login credentials, or to infect the users’ device with malware (which we will explore later).
    • Whaling – a type of attack that targets senior or C-level executive employees, with the aim of stealing money or information on the business, or to gain access to their devices to carry out further attacks.
    • Vishing – the use of fraudulent phone calls or voice messages, often masquerading as a legitimate business, to convince individuals to share sensitive, private data such as bank details and passwords.
    • SMiShing – the use of fraudulent text messages, in much the same way as ‘Vishing’, to steal sensitive, private data. This can often take the shape of your bank, or a shipping service. 


    Other social engineering techniques can involve:

    • Business email compromise (BEC) – a prominent technique in which attackers assume the identities of trusted email addresses – often internal business users – to trick other employees or clients of the business into sharing data that could compromise the business, or into making payments, amongst other goals.
    • Pretexting – here cybercriminals gain access to a system or a user account using a false scenario that gains the victim's trust through manipulation. Attackers could pose as an HR employee, or an IT specialist, for example.
    • Disinformation campaign – these spread false information, usually with the goal of amplifying fake narratives using bots and fake accounts on social media networks.


    Among these techniques, travel providers are most likely to encounter business email compromise attacks, primarily due to the extensive chains of internal communication. Once attackers gain access, they typically send phishing emails to employees or clients of the business in order to obtain more sensitive data or prompt financial transactions. They may also utilise the compromised account to launch attacks against other employees or the business's systems.


    Business email compromise attacks can be carried out in multiple ways, including:

    • Phishing – as explained above, this type of attack often uses emails, usually appearing to come from a ‘trusted’ source, to trick employees into sharing sensitive data. Social engineering techniques are then used to prompt the recipient into action.
    • Malware – this is the use of malware – malicious software – to infect a user’s computer and therefore gain access to their email accounts. Once installed, this malware can steal other sensitive data from this computer.
    • Social engineering – often, this type of attack (closely linked to phishing) tricks employees into divulging sensitive information or granting access to their email accounts. Usually, this involves impersonation to gain trust.
    • Manipulation of weak passwords – if employees use ‘weak’, reused, or easily guessable passwords, cybercriminals can obtain access to internal email systems by guessing these passwords. 


    How can travel providers protect against business email compromise?

    • Train employees on how to identify and avoid phishing emails  
    • Insist employees use strong passwords and two-factor authentication  
    • Keep software and cybersecurity systems up to date  
    • Implement email cybersecurity measures, such as spam filters 
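
    The email-filtering measure above can go beyond spam scoring and look for the header patterns typical of business email compromise. The following is an added example, not code from this article's publisher; the domain, staff names and sample messages are constructed assumptions.

```python
from email import message_from_string
from email.utils import parseaddr

# Assumed for this example: the organisation's domain and staff display names.
INTERNAL_DOMAIN = "example-travel.com"
STAFF_NAMES = {"maria lopez", "james carter"}

def edit_distance(a, b):
    """Levenshtein distance, used to spot lookalike domains."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def bec_flags(raw_message):
    """Return the list of BEC warning signs found in a message's headers."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    flags = []
    if domain != INTERNAL_DOMAIN:
        # A staff member's name on an outside address suggests impersonation.
        if name.strip().lower() in STAFF_NAMES:
            flags.append("staff-name-on-external-address")
        # One or two character changes from our domain: likely a lookalike.
        if 0 < edit_distance(domain, INTERNAL_DOMAIN) <= 2:
            flags.append("lookalike-domain")
    # Replies redirected to a different domain than the sender's.
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    if reply_to and reply_to.rpartition("@")[2].lower() != domain:
        flags.append("reply-to-domain-mismatch")
    return flags

# Constructed sample messages (not real traffic).
SPOOFED = (
    "From: Maria Lopez <maria.lopez@examp1e-travel.com>\n"
    "Reply-To: payments@mailbox.example\n"
    "Subject: Urgent supplier payment\n\nPlease pay today.\n"
)
GENUINE = (
    "From: Maria Lopez <maria.lopez@example-travel.com>\n"
    "Subject: Team meeting\n\nSee you at 10.\n"
)

if __name__ == "__main__":
    print(bec_flags(SPOOFED), bec_flags(GENUINE))
```

    Flagged messages are best quarantined or banner-tagged for review rather than silently dropped, since legitimate partners can trip the Reply-To check.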


    Third-Party Security Threats

    Throughout 2023, there was a noticeable rise in third-party breaches as numerous companies globally transitioned to independent contractors to carry out work previously done by full-time staff. Consequently, this surge led to a larger pool of less-secure networks that had access to the main target, all of which were associated with these third parties. These less-secure networks are exploitable by hackers, as seen in the memorable attack on the U.S. Colonial Pipeline in 2021, in which attackers obtained compromised credentials, accessed a VPN without multi-factor authentication, and demanded a $5 million Bitcoin payment to restore access.


    As the trend towards remote or hybrid work increases, with over 50% of businesses showing more willingness to hire freelancers, the rise in remote or dispersed workforces brings about ongoing challenges in third-party security threats for travel businesses of all sizes.


    Cloud Vulnerabilities

    With many more businesses adopting cloud-based systems, the number of cloud-based cyberattacks is growing as well. It’s estimated that cloud security is the fastest growing cybersecurity market, growing around 41% from 2020 to 2021.


    In today's fast-paced environment, with cloud-based systems taking on more corporate workload, businesses are turning to 'zero trust cloud architecture' for enhanced security. This approach, designed to assume a system has been compromised, requires additional verification before granting access to recognized devices, or any device within the perimeter of the network.


    Keeping on top of cloud security practices is critical, and can include:

    • Monitoring access to sensitive resources  
    • Enforcing strict password requirements  
    • Implementing a sound data backup plan  
    • Leveraging data encryption  


    What are the most common cloud-based threats?

    Commonly referred to as the ‘egregious eleven’ by security professionals, these are the most ‘popular’ access points:

    1. Data breaches
    2. Misconfiguration and inadequate change control
    3. Lack of cloud security architecture and strategy
    4. Insufficient identity, credential, access and key management
    5. Account hijacking
    6. Insider threat
    7. Insecure interfaces and APIs
    8. Weak control plane
    9. Metastructure and applistructure failures
    10. Limited cloud usage visibility
    11. Abuse and malicious use of cloud services 


    Supply Chain Attacks

    A recently emerging tactic, supply chain attacks involve the breach of supply chain technology, such as Application Programming Interfaces (API systems), commonly found in the travel industry. This infiltration allows access to source codes, build codes, and other software components. The attackers then exploit these legitimate platforms and applications to disseminate malware throughout the supply chain systems.


    Considering how often supply chain systems are used within the travel and tourism industry – particularly through API integration – it’s important to know how to reduce the risk of this kind of attack.


    In the modern travel industry, travel APIs are a powerful tool that many businesses utilise. By allowing different systems to communicate seamlessly, they create a unified platform where customers can easily access all travel products in one place. These API systems are highly effective in helping travel providers create user-friendly systems that stay ahead of hospitality tech trends. It also means travel providers can enhance their business success by increasing their distribution through API integration, offer customised tour packages or itinerary planning, provide quotes, or display availability and booking options.


    However, these systems are also vulnerable to attacks. But hope is not lost! There are many ways to protect against supply chain threats, including:

    • Use endpoint monitoring tools to spot and stop suspicious activity  
    • Stay current with all system patches and updates  
    • Implement integrity controls to ensure users are only running tools from trusted sources  
    • Require admins and other users to use two-factor authentication 



    Ransomware

    While certainly not a new threat, ransomware attacks have become significantly more expensive in the last few years – with costs expected to reach $265 billion by 2031 – and so continue to present considerable challenges to businesses of all sizes.


    Ransomware, in essence, is a form of malicious software that restricts access to computer systems until a ransom is paid. This involves utilising malware to seize control of computer systems, retrieve data, files, or sensitive information, and then requesting payment in exchange for restoring access to the original user.


    Of course, before the ransomware attack can take place, hackers must obtain access to their targets’ systems. The most common methods of infiltration include:  

    • Phishing
    • Remote Desktop Protocol (RDP) and credential abuse - wherein hackers use ‘brute-force’ or purchase credentials with the goal of logging into systems to distribute malware.
    • Exploitable software – such as unpatched or out-of-date software. 


    Modern endpoint detection and response (EDR) technology can often protect against ransomware attacks, by stopping the execution of malicious software in the first place. Many businesses also benefit from the setting of cybersecurity parameters, to keep employees from straying too far from safe browsing locations on their corporate devices. 


    The Internet of Things

    In the realm of technology, physical objects, the 'Things' in 'Internet of Things', are evolving to be more intelligent by integrating sensors, software, and other advanced technologies. As we continue to depend on these interconnected Things to communicate and exchange information online, their vulnerability to cyber threats also increases.


    While there are multiple ways that smart devices and objects connected to an online network can be compromised, some of the most common methods are:


    Default passwords: Hackers can exploit default passwords often supplied for smart devices, or easily guess reused and weak passwords or access codes for individual or business devices. These are then used to gain access to the device, its data, and facilitate further attacks.


    Unsecured Wi-Fi networks: public Wi-Fi networks are often unsecured or use weak encryption, and these can be exploited to intercept data. 


    Fortunately, there are ways to protect your devices, including:  

    • Having users select secure passwords  
    • Staying current with Operating System (OS) and software updates
    • Encouraging clients to encrypt their data
    • Installing antivirus or anti-malware protection
    • Changing default passwords  
    • Avoiding unsecured Wi-Fi networks  
    • Being cautious of suspicious emails or links 


    Financial and reputational loss

    The repercussions of a cybersecurity breach can have widespread and severe implications for businesses, regardless of their size. Small businesses may never fully bounce back from an attack, and larger businesses could be subjected to penalties, legal action, a decrease in clientele or staff, as well as tarnishing their reputation.


    For many travel providers, one of the key consequences will be the loss of reputation, which – should the business recover – will involve a long and detailed strategy to recover this reputation both for existing and potential customers. After all, how many people are going to choose a company that, from an external perspective, hasn’t protected its customers?


    Another main consequence is the disruption to operations following a breach or attack, the consequent investigation that must take place, and the change to business practices after the resolution of the attack.




    Ensuring that your business has strong cybersecurity protection and awareness at all levels is essential to defend against the common cyber attacks mentioned earlier. Seeking expert training and advice from security professionals will help keep your business practices, cybersecurity strategies, and overall understanding of cyber threats current and effective.