industry unlocked
Jeff Ogden, General Manager –
Middle East and India, Mimecast
The hospitality sector is facing up to an increase
in cyberattacks and, as an industry known for
holding huge amounts of data, it’s critical that
CISOs and their teams know where the threats
are coming from and how they can be defended
against. We hear from Jeff Ogden, General
Manager – Middle East and India, Mimecast, and
Harish Chib, Vice President, Middle East and
Africa, Sophos, about some of these cyber-risks
and how they can be mitigated.
W
44
What are some of the key cyber-risks
faced by the hospitality industry?
JEFF OGDEN, GENERAL MANAGER – MIDDLE
EAST AND INDIA, MIMECAST
The hospitality industry, like any other major
sector, faces a significant increase in targeted
attacks. According to Mimecast’s newly released
State of Email Security report 2019, targeted
attacks like phishing, impersonation fraud and
ransomware have increased over the last year
and have caused major disruption, including loss
of customers, money and data.
More than 86% of UAE respondents
experienced an impersonation attack and 77%
of impersonation attack victims experienced a
direct resulting loss. And the thing that hurt these
organisations the most was data loss.
The hospitality industry is known for hosting
vast amounts of data. These organisations have
to store and process personally identifiable
information in order to operate effectively
but it also means that they are left with the
responsibility of safely storing confidential
information like credit card data and proof of
identity, including passport numbers.
This automatically makes this industry a
significant target. Just look at the Marriott/
Starwood breach that happened in December
2018. Marriott’s loyalty rewards programme
database was breached and exposed the
personal information of over 500 million people,
making it the second largest breach in history.
When criminals get their hands on
customer information stored by a
hotel group or similar, they can steal
identities and open bank accounts,
credit cards or loans in a victim’s name.
They can also use this information
for targeted social engineering and
impersonation attacks, which means the
cybercrime cycle continues.
HARISH CHIB, VICE PRESIDENT,
MIDDLE EAST AND AFRICA, SOPHOS
A disconnected approach to
cybersecurity is the most exacerbating
security risk faced by organisations
including the hospitality industry. To
understand the root cause of these
issues, we first need to look at the
threats we’re trying to stop.
Cybercriminals don’t use single
techniques and technologies in
their attacks. Instead, they use
multiple techniques in connected,
coordinated assaults.
For example, they might start with a
phishing email that includes a malicious
URL. Clicking on this connects you to a
command and control centre. Using a
combination of credential theft, privilege
escalation and malicious executables,
they then carry out their ultimate goal,
which could be stealing your data, or
holding your data for ransom.
Issue 15
|
www.intelligentciso.com