Hospitality Struck Hard by Hackers in 2009
In a multi-industry comparison report by Trustwave, hackers infiltrated hospitality organizations more than any other industry last year, including retail, finance, and more. According to the 2010 Global Security Report, hospitality breaches accounted for a whopping 38% of all breaches investigated by Trustwave SpiderLabs (www.trustwave.com). Combined with the percentage of reported food and beverage data breaches (13%), this accounted for more than half of all incident responses investigated by SpiderLabs. What's more, the majority of reported breaches can be attributed to attacks on the systems responsible for the processing or transmission of payment card data.
The report identified software-based point-of-sale (POS) systems as the most frequently breached area across all of the industries involved in the study (85%) because they represent the easiest method for criminals to obtain credit card data. According to the report, POS systems are considered to be low-hanging fruit for even the most inexperienced hackers due to the common existence of well-known vulnerabilities and a high volume of potential targets. And for some companies last year, insecure network connections granted hackers unrestrained network access across properties, turning a single breach into a multi-site attack.
The report went on to identify remote access applications, third-party connectivity, and SQL injections as the top three ways by which hackers were able to obtain system access across all of the investigated cases. Fortunately for operators, there are a number of steps that they can take to avoid the opportunity for data theft in the year ahead. The report highlighted ten different strategies that any organization can follow to guard against data breaches. These include monitoring third-party relationships, rethinking wireless strategies, encrypting data, locking down user access, and investigating abnormalities, among others. Staff education is another key suggestion that hospitality operators should take note of, especially as it relates to the Payment Card Industry Data Security Standards (PCI DSS). In the 2009 PCI in Hospitality report, a number of hospitality brands told Hospitality Technology that franchisee awareness and acceptance is a major challenge in this industry. Given the growing importance of PCI, this can be a key tactic to curbing the occurrence of breaches.
What's more, there is a high correlation between PCI compliance and the occurrence of data breaches. A review of the 12th Annual Restaurant Technology Study finds that restaurant operators have made significant improvements in reported compliance and readiness (data was not available for the lodging segment). Across the board, the percentage of restaurant companies that are compliant with the 12 PCI DSS requirements increased in 2010 as compared to 2009.
To download a complimentary copy of the 12th Annual Restaurant Study or the PCI in Hospitality report, visit htmagazine.com.