Omni Hotels Succumbs to Cyberattack
For days, Omni Hotels & Resorts has been dealing with a cyberattack on its tech systems. In a recent statement on the company’s website, the hotel brand said it “immediately took steps to shut down its systems to protect and contain its data” upon learning of the issue.
According to various news outlets and social media reports, Omni ended up shutting down its reservation, payments, hotel room door lock and POS systems for four days. Hotels had to check in guests manually using pen and paper, and employees were required to walk guests to their rooms and unlock the doors for them. The company now claims that most of its systems have been restored.
While details regarding the Omni Hotels & Resorts cyberattack remain murky at the moment, the hospitality industry is no stranger to these types of attacks.
“Globally, the hospitality industry has been under siege from a variety of different threat actors for quite some time and the entire industry is a bit on edge,” explains Dan Lattimer, Vice President, Semperis. “Omni isn’t alone in facing targeted cyber-attacks as MGM Resorts, Caesars Palace and Marina Sands Bay in Singapore are just three recognizable brands that have been attacked in the last 12 months. In light of the outages at Omni Hotels, kudos to their security team for their diligence in improving their resiliency and eliminating all disruptions as quickly as possible, by deploying their backup data files. With this strategy in place, they will be able to restore their systems in a much quicker fashion.
“For Omni and other hotel chains, when cyber breaches inevitably occur, eliminating single points of failure and having contingencies in place become critical to keeping services online and reducing significant chunks of downtime,” Semperis continues. “In the hospitality industry, specifically, too much downtime can result in significant revenue losses. Today, there’s no silver bullet that will solve the cybersecurity challenges facing most organizations. I recommend companies identify the critical services that are ‘single points of failure’ for the business. If critical services go down, the business stops. Have a plan for ‘what to do if.’ This doesn’t have to be perfect but think now about what to do if email goes away, point of sale systems go down or a customer portal or CRM tool gets locked. And practice makes perfect (or at least better), so organizations should test their plans during peacetime. And keep in mind that Active Directory environments are the most vulnerable entry points and one of the most negatively impactful attacks; hackers frequently target these environments, making it imperative that organizations have real-time visibility to changes to elevated network accounts and groups.”