If you are an IT manager who works in the hotel industry it turns out that you probably have your hands full dealing with a recent set of attacks by cybertheives. It seems as though the bad guys who used to busy themselves going after retailers have now turned their attention to the hotel industry. Are your IT manager skills and your IT team ready to do battle with them?
Where Are The Attacks Happening?
The bad guys appear to be going after the brand name hotels. Hyatt hotels has reported that 40%v of their hotels (250 hotels) have been attacked. The attacks occurred at hotel restaurants, front desks, spas, and parking facilities. This attack lasted for a four month period. Unfortunately there is no IT manager training that tells us how to deal with this kind of event.
The bad guys have decided to go after hotels for a number of different reasons. The biggest motivator is that hotels have uneven security in place at their hotels and their hotel-based restaurants, gift shops, and spas. One of the reasons for the gaps is because many of these other services are provided by other companies who may use different and in some cases less secure security methods.
What the bad guys seem to want is credit card and hotel customer data. The people who track such things are saying that the data that has been stolen is finding its way onto the black market and the result is that hotel guests are starting to see fraudulent transactions show up on their credit card bills. The reason that hotels have become such an attractive target for thieves is because they are frequented by business travelers who place so many charges on their credit cards that the chances of noticing the fraudulent transactions is less.
How Are The Bad Guys Getting In?
There are a number of different ways that the bad guys are getting their hands on the credit card information of hotel guests. Hyatt has reported that it has found malware (software inserted into its computers) that was designed to collect cardholder names, card numbers, expiration dates and security codes. In the case of Hyatt, they say that most of the cards that were exposed were used at the on site restaurants located at their hotels.
The Starwood chain of restaurants also discovered bad things going on in their computer systems. They were in the process of upgrading the security features in their property management system when they discovered software that should not have been there. In the case of the Starwood breech, the attack lasted for 8 months and hit 54 locations. The bad guys were able to get their malware to infiltrate payment systems at hotel restaurants and gift shops where they were able to collect customer names, card numbers, security codes, and expiration dates.
Hilton hotels has also reported a breech. Their hotel chain consists of 4,500 hotels and they have not yet provided any information on how many of these properties have been hit by the breech. They have asked their guests who stayed with them from April to July to review their credit card bills in order to look for suspicious transactions. The good news for credit card holders is that they are not responsible for any unauthorized transactions on their cards, but there is a great deal of hassle involved in getting them replaced when they have been compromised.
What All Of This Means For You
IT managers who work in the hotel industry have to be aware of the types of attacks that are being launched against hotels. The people who had been going after retail operations appear to have shifted their focus to hotels in the hopes that business travelers will be too busy to detect fraudulent transactions on their credit cards.
The uneven security at hotels and at the services that they offer using outside firms makes for an inviting target for bad guys. They are especially interested in going after hotel-based restaurants, gift shops, and spas. The reason for these attacks is because the bad guys want credit card and hotel customer data. Once they get this information, it will quickly make its way onto the black market. All of the major hotel brands, Hyatt, Hilton, and Starwood have suffered attacks.
IT managers in the hotel industry and their teams need to take time out from IT team building and be aware of what is going on. As you create systems to be used by hotels and other hotel services, you need to make sure that the security features are baked in and not added afterwords. If you can do a good job of securing hotel IT systems, then perhaps you can convince the bad guys to go somewhere else!
– Dr. Jim Anderson
Blue Elephant Consulting –
Your Source For Real World IT Management Skills™
Question For You: What’s the best way to convince the other businesses who work at a hotel to secure their IT systems?
P.S.: Free subscriptions to The Accidental IT Leader Newsletter are now available. Learn what you need to know to do the job. Subscribe now: Click Here!
What We’ll Be Talking About Next Time
How many different ways do your IT teams communicate with each other? Let me count the ways: email, text, phone call, Facebook, tweet, and even some face-to-face talking. Having all of these different ways to exchange information brings up an interesting question for IT managers that we don’t have any IT manager training for – do they really need yet another way to exchange information? Interestingly enough, the answer turns out to be “yes”.