Steve subsequently logged over 30 years of computer industry experience in data security, software engineering, product development and professional services. He has managed product development with UNIX, Windows and Java platforms, founded four software and services startups and raised $42m in venture capital. Steve has held a variety of executive management positions in engineering, product development, sales, and marketing for ConnectandSell, Whittman-Hart, marchFIRST, the Cambridge Systems Group, Memorex, Health Application Systems, Endymion Systems, Blackhawk Systems Group and IBM. Steve is also known as the Godfather of Information Security.
As we discussed in last week’s blog post, businesses are paying more than ever before for cybersecurity solutions, and market forecasters predict that this spending will only increase in years to come. Every time a large-scale attack gets media attention, publicly-held companies rush to reassure investors that their IT security spending is enough to reduce their vulnerability. But is the protection that they’re buying truly worth its cost? And how can smaller organizations ensure that they’re receiving the best value for their cybersecurity investments?
Today’s cybersecurity marketplace is crowded. Buyers are confronted with an ever-expanding array of options when selecting vendors, products and services. Faced with limited budgets and nearly unlimited alternatives, decision-makers can easily find themselves overwhelmed. And armed with the knowledge that organizational investments into cybersecurity have failed to curb the growth of cybercrime, how can you ensure that the protection you’re paying for is real?
Too Much Focus on Endpoints
Traditionally organizations have based their defenses on malware detection and intrusion prevention, primarily attending to the interfaces between their private networks and the public Internet. Legacy solutions like firewalls and anti-virus software programs are primarily preventative in nature, aiming to keep malware from reaching enterprise networks and devices. These preventative approaches become less and less effective with each passing year.
Nonetheless, organizations continue to spend more on endpoint protection than on any other category of security tool. And this spending continues even though these protection platforms are often ineffective: in one survey, 53% of companies who fell victim to a ransomware attack were running multiple antivirus software products simultaneously. And only 52% of these solutions were able to detect a simulated ransomware attack in test conditions. In the 2018 Thales Data Threat report, endpoint security solutions were ranked dead last in terms of their effectiveness.
Too Many Vendors
The cybersecurity market also faces the challenge of oversaturation. With more than 1,200 vendor-specific solutions available, it’s becoming increasingly difficult to choose between them. Decision-makers are tasked with evaluating multiple vendors’ competing claims, but often lack a thorough understanding of what’s actually needed to keep their businesses safe.
The results can be chaotic: in one recent survey, major enterprise CISOs said that—on average—they were relying on more than 80 security vendors each. Although it might seem that such an abundance of solutions would result in ample protection, the opposite is often the case. These solutions are often poorly integrated, failing to communicate with each other or requiring users to log into multiple separate management consoles in order to monitor their performance.
As attack surfaces rapidly expand and attacks grow in sophistication, it can be tempting to simply add another vendor’s product for each newly-discovered vulnerability or threat. But doing so guarantees ever-rising costs, without ensuring that the solutions will work well together. Organizations already struggle with the complexity of cybersecurity solutions, and when multiple products from competing vendors are being used, it can be even more difficult to extract meaningful threat intelligence from the alerts generated—and to do so quickly.
Cutting Through the Hype
Given these challenges, how can you choose the best security solution for your organization? One answer is to find experts without a financial stake in the cybersecurity industry: look for independent authorities to validate any claims made by individual vendors.
One such organization is MITRE. Chartered to work in the public interest, MITRE is an independent nonprofit that operates federally-funded research and development centers. Their objective is to conduct scientific research and analyze technological challenges and cybersecurity threats. For the past five years, MITRE has worked to develop the ATT&CK (Adversarial Tactics, Techniques, and Common Knowledge) framework, a detailed, globally-accessible knowledge base of the tactics and techniques used by attackers, according to real-world observations.
The ATT&CK model’s key characteristic is a shift in primary focus: from prevention to detection. Developed with the goal of detecting advanced persistent threats (APTs) more quickly, ATT&CK is founded on an “assume breach” premise. Researchers at MITRE operate with the expectation that it’s simply impossible to keep attackers off your network, and instead seek to categorize and catalog attackers’ most common post-breach behaviors, with the goal of reducing the amount of time it takes to detect an intrusion.
By making this information available to the public, ATT&CK’s creators hoped to improve the sharing and coordination of intelligence across the cybersecurity industry, and thus to enhance all vendors’ ability to predict attacker behavior and to create stronger dynamic defenses. Instead of concentrating on identifying particular malicious domains, IP addresses or file hashes, which attackers are always changing, the researchers sought to document the general tactics and techniques used by adversaries interacting with real systems.
Lessons from ATT&CK: What to Look for in a Solution
Today’s most effective security platforms are built upon the same foundational premises as the ATT&CK framework: they construct dynamic defenses by focusing on post-breach detection. The threat landscape is constantly evolving: it doesn’t make financial sense to purchase a new solution each time a new attack vector is discovered. Instead you need a multi-layered platform-based approach that can evolve right along with the challenges. A crucial component of such approaches is their reliance on behavioral analytics powered by comprehensive dynamic threat models, which incorporate intelligence from both commercial and open sources (including ATT&CK). An ideal system’s behavioral analytics can be adapted and tuned for your particular environment.
It’s also important to find a system that’s seamlessly integrated, ensuring that components from various vendors will work together to improve overall detection rates, rather than merely generating alerts that you don’t have the resources to investigate or interpret.
As the number and complexity of threats continue to increase, monitoring them is beginning to exceed human capability. Thus moment-to-moment traffic and threat analysis must be increasingly automated, and machine learning and artificial intelligence relied upon to perform this task. How well this “learning” works to set effective network policies is critical to the strength of your defenses.
To learn more about how the Secureli platform incorporates advanced behavioral analytics powered by artificial intelligence into a comprehensive threat detection and remediation system, contact Netswitch today. Our integrated services are available for a flat monthly per-device fee—pricing that will remain stable no matter what happens in the threat landscape.
Cybersecurity spending today is at an all-time high, and is poised for further growth. But cybercriminal activity—attacks, breaches and resulting damages—has also peaked. CEOs, CIOs, and budget-conscious investors are all asking: are the available IT security solutions worth their cost? Would it make more sense just to pay off the hackers? Do proactive approaches even work?
There’s little doubt that companies are investing more than ever before into IT security. Analysts at Gartner, Inc. estimate that enterprises worldwide will allocate more than $96 billion to their cybersecurity budgets in 2018, an increase of 8 percent from 2017 spending levels. Not only is spending forecast to increase, but the rate of increase is also expected to climb dramatically. In their 2018 Cybersecurity Market Report, for instance, researchers at Cybersecurity Ventures predict that total global expenditures on cybersecurity products and services will exceed $1 trillion between 2017 and 2021, with year-over-year growth rates between 12 and 15 percent.
And actual spending may well be even higher than these predictions suggest, since cybersecurity-related expenses are often incorporated within other areas’ budgets. Security services may be bundled with other IT solution costs, such as software development or infrastructure maintenance. Or they may be classified as “general operational expenses,” or compliance costs. This makes it increasingly difficult to accurately account for them.
What’s most troubling about these numbers, however, is that despite the high levels of spending that they clearly reveal, costs and losses attributable to cybercrime are also on the rise.
In IDG Research’s 2017 State of U.S. Cybercrime Survey, 68 percent of respondents indicated that despite spending more, their monetary losses due to cybersecurity events were the same or greater than the previous year. 6 percent fewer businesses did not report losses, and the number of events resulting in damages increased. Researchers at Cybersecurity Ventures predict that cybercrime will continue to increase in the coming years, and that by 2021 will cost global businesses more than $6 trillion annually.
Given statistics like these, and faced with tight budget constraints, it is tempting for business leaders to conclude that investing in cybersecurity is simply not worthwhile.
Would You Be Better Off Paying the Ransom?
Many decision-makers do in fact take this “save now, pay later” approach. More than a third of the 1,800 companies surveyed in NTT Security’s 2018 Global Threat Intelligence Report said that they’d consider paying a hacker’s ransom rather than investing in information security.
Worryingly, this data reveals that many executives remain unaware of the scope of the risks their organizations face. In the wake of highly publicized ransomware attacks like WannaCry and Petya/NotPetya, the report suggests that these decision-makers tend to overestimate the cost of preparedness while grossly underestimating the financial implications of failing to prepare.
Adding Up the True Costs
It is difficult to perform an accurate cost-benefit analysis when the costs involved are concrete and fixed, and the benefits are less tangible. When considering new cybersecurity investments, executives are presented with finite and predetermined costs: for hardware and salaries if developing in-house capabilities, or on a per-employee or per-device basis if outsourcing. The actual costs of an attack or breach are far more difficult to quantify, however.
Damage to brand image and reputation is of major concern to cyberattack victims. In the NTT Security Report, a majority of respondents feared that “loss of consumer confidence” or “damage to brand/reputation” would result from an information security breach. Although the consequences of tarnishing a brand are undeniably real, it is notoriously challenging to express these losses in financial terms. But in any industry with significant competition, customers lost because they no longer trust you in the wake of data compromise most likely will never return.
Other potential costs, too, are frequently ignored in cybersecurity risk calculations. Would your cybersecurity insurance premiums increase? Or might your insurer even refuse to pay out if you were shown to have neglected your responsibility to follow best practices? What would it cost to replace top talent if high-level employees resigned in the wake of the incident? And what damage would be done to your relationships with other vendors or business partners?
Tomorrow’s Risks Will Be Even Greater than Today’s
The threat landscape is ever-changing, and cybercriminals will continue to employ the tactics that give them results. The use of ransomware, in particular, is on the rise. SonicWall recently reported a 229% increase in ransomware attacks from 2017 to 2018. This includes high-profile cases like the SamSam attack that crippled the city of Atlanta as well as numerous smaller-scale incidents. Taken together, ransomware costs have spiraled into the billions, and are likely to grow further as threats become increasingly strategic, targeted and sophisticated.
If even a small percentage of victims pay the ransom, threat agents are strongly incentivized to continue to develop and deploy ransomware, and to target increasing numbers of organizations. And if it becomes widely known that one-third of companies would be willing to pay up, we can expect to see exponential growth in the number of attacks.
You Don’t Know If You’ll Get What You Pay For, Or What the True Cost Will Be
A few years ago, some experts advocated paying the ransoms demanded by cybercriminals, arguing that an “honor among thieves” mentality prevailed, and most would decrypt or relinquish or return control of your files once paid. Real-world data belies the wisdom of this approach, however. In a recent research report by the Cyber Edge group, only 19% of the victims who paid actually got their data back.
Some criminals never intend to return the data, while others—through ineptitude or poor coding skills—find themselves unable to fulfill their promises to decrypt the files.
There’s simply no way to be certain that paying a ransom will restore your data.
With so many attackers today demanding payment in Bitcoin or other new cryptocurrencies, and with the value of these digital assets fluctuating daily, it’s also incredibly difficult to estimate—in dollars—how much the ransom will actually cost.
While it is possible to estimate the cost of a data breach—the Ponemon Institute puts it at $148 per stolen record, for an average total of $3.86 million—predicting the impact of a future ransomware attack is more challenging. Real-world examples show that the costs can be extremely high, and that a single incident can cripple your business. Or even destroy it. This isn’t a risk worth taking.
A proactive approach is without question the best one.
Stay tuned for our next blog post, where we’ll discuss the most cost-effective ways to fight ransomware and data compromise, and how to stay proactive on a budget. Or contact Netswitch to learn more today.
Pharmaceutical executives are used to thinking of their products as drugs or medicines—molecular compounds used to treat or cure diseases, to aid in diagnosing them, to prevent their occurrence, or to lessen their severity. Today’s consumers (and insurers) are increasingly demanding results instead of medications, however.
This shift to outcome-based medicine has been enabled by digital transformation. With the rise of social media and other digital channels to communicate health information, and in the face of growing pressure to contain costs, consumers and insurers alike are insisting that drug companies prove and publicize the safety and efficacy of their products.
Industry leaders are beginning to recognize opportunity within this imperative: adopting “digital first” approaches can not only improve pharmaceutical marketing and communications, but also enable companies to diversify their revenue streams by offering new services and digital solutions to complement their traditional products. Moving “beyond the pill” in this way can potentially improve clinical outcomes for patients as well as profitability for pharmaceutical companies.
Pharmaceutical Companies Struggle to Keep Pace with Digital Transformation
But making this shift requires a quantum leap, not a minor adjustment. And the industry has struggled to keep pace with change. A 2016 McKinsey & Co. report, for instance, identified pharmaceutical companies as having fallen “dramatically… behind the curve” when compared with those in other industries in terms of digital maturity. Capgemini called the pharmaceutical industry a “digital beginner,” ranking it last, behind nine other industries, when assessing investments in technology and digital leadership initiatives.
There are multiple reasons for this lag. First of all, the pharmaceutical industry tends to be conservative because barriers to entry are steep, keeping out startups and innovative smaller businesses that lack extensive funding. The cost to develop a new drug tops $2.6 billion and takes more than ten years. Only established companies can afford these sorts of research and development expenditures, but these larger organizations tend to be hobbled by legacy infrastructures that cannot be easily adapted as technologies change.
The pharmaceutical industry is also less adaptable because it is so heavily regulated. Before a company can bring a new drug to market, it must obtain FDA approval, a process that is lengthy, time-consuming, and fraught with uncertainty. Even if a drug finds success in clinical trials and is finally approved, it can be years until the initial investment in R&D is recovered. Thus companies often spend a great deal on marketing their existing product line and fiercely defending the patents they hold. With these fiscal priorities already established, it can be difficult for decision-makers to make digital transformation a budget priority, or to understand which digital initiatives can contribute most to future success.
Finally, pharmaceutical companies are inclined towards caution because consumers of their products are risk-averse. No one wants to take a drug whose side-effects aren’t well understood. And patients are more likely to perceive benefit from taking a drug they believe will heal them (the placebo effect) than a drug of uncertain efficacy. Consumer trust is one of the most valuable assets an established brand in the pharmaceutical industry can possess, and decision-makers may unconsciously resist change in order to retain it.
Cybersecurity Also a Major Industry Challenge
When it comes to cybersecurity, resisting change can dramatically increase risk. And just as pharmaceutical companies have lagged behind other industries when it comes to digital maturity, the industry has also been slow to adopt cutting-edge security practices and technologies.
For industry leaders and smaller pharmaceutical companies alike, the consequences of this unpreparedness can be severe. When Merck fell victim to the NotPetya strain of ransomware in June of 2017, forcing production to a halt, the company incurred more than $300 million in lost sales and repair costs in the first quarter after the attack. Smaller companies, many of which don’t have cybersecurity insurance—as Merck did—and which lack the resources to cover recovery costs, are less likely to survive such an attack.
Precious Intellectual Property
Pharmaceutical companies—both established industry players and smaller companies alike—hold their most valuable assets in digital databases in the form of intellectual property. This IP comprises formulas to create molecules with the power to heal and cure, to reduce suffering, and to earn billions of dollars in profits. But the nature and value of pharmaceutical IP is widely known, making companies uniquely vulnerable to highly advanced and dangerous threats.
In fact, nation-state level actors have already identified the pharmaceutical industry as a prime target. Well-organized and well-funded, these operatives employ penetration techniques that range from sophisticated zero-day exploits to more mundane—but highly effective—phishing attacks. Companies that have fallen victim to such threats include Boston Scientific, Abbott Laboratories and Pfizer. The US Food & Drug Administration was also targeted, and highly sensitive data (including drug formulas and clinical trial results) was exposed in a breach.
Insider Threat Risks
For the same reasons that they’re an attractive target for nation-state actors, pharmaceutical companies are particularly likely to fall prey to insider threats. Because the potential payoffs for IP theft are so great, unscrupulous employees may be tempted to abuse their access privileges for personal gain. Companies may even be tricked into hiring cyberespionage agents who’ve disguised themselves as skilled workers.
Taking the Safe Path to the Digital Future
It is already exceptionally challenging to defend your organization’s IT infrastructure against the world’s most sophisticated threat actors. And as consumer demand for digital health solutions continues to grow, the scope of the challenge will only increase. Smaller organizations can avail themselves of the kinds of top-tier security resources otherwise available only to major enterprises by partnering with a managed detection and response provider with expertise protecting data with advanced contextual analytics and active system-level surveillance.
When facing threats at this level, it’s nearly impossible to prevent all intrusions before they occur. But deploying a comprehensive security platform can dramatically decrease the time it takes to detect and remediate threats, and this can make all the difference when it comes to stopping the acquisition and exfiltration of your most valuable data. Contact Netswitch today to learn more about what sets the Securli Platform apart.
Previously, we talked about Why You Need MDR to Combat Current and Emerging Threats.
In that article, we explained how MSS (Managed Security Services) became available to organizations a decade or so ago. In the beginning, clients were happy with MSSPs. Eventually, however, business owners became dissatisfied with the service. As a result, MDR was introduced as a new service that can fill in the gaps that MSSPs missed.
Gartner predicts, “By 2020, 15% of organizations will be using services such as MDR, which is an increase from fewer than 1% today.”
However, as Gartner explained in its Market Guide for MDR, there is an overlap between MSS and MDR and it is increasing. This makes it difficult for organizations to decide whether they will use MSSPs or MDR service providers.
To help you decide what you need for your organization, here is a point-by-point comparison between MSSPs and MDR:
| ||MSSP||MDR|
|Primary Focus||Technology||Technology, people and process|
|Collection, Detection, Identifying Threats||Uses your existing security tools; perimeter defense is used to identify known threats; threat hunting is additional service (if offered)||Proactive threat hunting across network; conducts behavior analysis and machine learning to detect and identify threats|
|Triage, Investigation, and Response||Focused on meeting SLAs; cursory triage often resulting in false positives and lacks contextual information; data sources may not be complete; remote users and cloud services are not included in scope||Investigates and confirms threats at Tier 1 and 2 to offer complete understanding of incident; supports customers during times of highest stress; services are tailored to use sophisticated technologies including specialized forensic tools; customized security event management platform|
|Integration across security program||Technology often lacks integration points with internal security tools||Technology plugs into the organization’s SIEM, workflow, and SecOp tools|
|Role in internal security strategy||Meant to replace basic internal security functions||Augments and enhances your existing security strategy w/ advanced technology and highly-specialized analysts, threat hunters, and incident responders|
|Threats Detected||Relies mostly on signatures and rule-based detection; detects known vulnerabilities and malware, and common, high-volume attacks; advanced threats are often missed and sometimes even basic attack tactics||Able to detect malware, targeted attacks, zero-days, and insider threats|
|Staff specialization||Staff does basic log management, monitoring, and investigation via playbook or script; many employees lack experience and are trained to capably operate small fraction of technology that they show in their advertisement||Staff delivers focused expertise in advanced malware analysis, threat hunting, forensics, incident response, data science and security analytics, and security research|
It is clear from this comparison that MDR is the better cybersecurity solution for your organization.
If you have not yet invested in detection and response technologies and internal capabilities, you need to consult with an MDR service provider who can help address your cybersecurity needs.
Netswitch offers MDR services to small and medium-sized businesses as well as large enterprises. For more details on how we can assist you in establishing a cybersecurity solution that fits your environment and meets your requirements, please contact us today for a consultation.
When cybercriminals hack into an organization’s network, they can do severe damage. First of all, business will be interrupted in the event of an attack. Normal day-to-day activities will have to be delayed or halted altogether until security experts are done with investigating the incident and eliminating the threat. This is particularly true in cases of a ransomware attack when criminals are able to hijack a company’s servers and/or its transactions.
When sensitive information such as customer credit card details is stolen, it can be used to steal customers’ money. As a result, customers will no longer trust the company and may, in fact, try to influence others not to do business with the organization.
Attacks can also expose a company’s trade secrets, making the business lose its competitive edge.
Why can’t attacks simply be stopped?
- Hackers have the expertise, tools, and all the time they need to attack different organizations.
- The continuous changes, improvement and overall development of technology typically leave many holes and gaps for hackers.
- Organizations lack the budget and skilled people to totally stop these criminals.
Approximately ten years ago, MSS (Managed Security Services) became available to all types of organizations. It started out as a great service, but eventually MSSPs (Managed Security Service Providers) proved to be not as effective as organizations had hoped in detecting and responding to targeted attacks. Consequently, MDR was introduced as a service that can complement or fill in the gaps that MSSPs missed.
According to Gartner’s 2017 Market Guide for Managed Detection and Response Services, “By 2020, 15% of organizations will be using services such as MDR, which is an increase from fewer than 1% today.”
We have discussed previously why MDR is a better solution for preventing cybercrime.
In its Market Guide for MDR, Gartner explained that there is an overlap between MSS and MDR and it is increasing. This adds to the confusion in the market and has been making it difficult for users. MSS and MDR have distinct characteristics that buyers need to understand.
The main difference between MSSPs and MDR is that the primary focus of MSSPs is on technology. The MDR approach, on the other hand, “spans people, process, and technology elements and will drive a majority of security market growth over the next five years,” said Sid Deshpande, principal research analyst at Gartner. This means, added Deshpande, “Prevention is futile unless it is tied into a detection and response capability.”
Today, several MSSPs are leaning more toward MDR as they provide only a few elements associated with MSS. More and more MSSPs, both global and regional, have been adding MDR-type services to their portfolios. This proves that MDR is a better cybersecurity solution.
If you are still using your legacy SIEM and/or MSSP, you need to know:
Three Important Reasons Why You Need to Break Up With Your Legacy SIEM and MSSP
1. Attacks are not linear
Organizations, with the help of their MDR provider, need to monitor and correlate all traffic/incidents – North to South, and East to West – with remediation.
2. There is a need for a smarter cybersecurity solution
MSSPs have been proven to be no longer effective. Businesses cannot afford to just wait for alerts. They need to do proactive threat hunting to prevent signatureless types of malware from getting into their systems and networks.
3. It is time for holistic approaches to cybersecurity
Organizations need fully-managed detection and response solutions with automated defenses and trending analysis for prevention.
If you’re still not sure if you should shift to MDR, read our next blog post to see a point by point comparison between MSSP and MDR services.
Digital transformation’s impact on the hospitality industry has been deep and profound. Online travel agencies (OTAs) were some of the first businesses native to the web. With the advent of OTAs, hotel chains faced market pressure to bring their room reservation systems online as well. Thus the hospitality industry was by necessity an early adopter of online credit card payment processing technology, and has long faced the challenges inherent in storing and transmitting large volumes of customer financial data.
Established hospitality brands today must also compete with successful upstarts like Airbnb, Uber and HotelTonight—companies that were born digital and are exceptionally skilled at orchestrating online customer experiences. Such competition has shaped customers’ expectations of the hotel and travel industries, and the bar is high: travelers expect that their digital experiences will be convenient, seamlessly integrated with their in-person experiences, and, of course, secure.
Given this history, you might expect the hospitality industry to be better prepared to face cybersecurity challenges than many other industries, but far too often, this isn’t the case. According to the 2018 Trustwave Global Security Report, the hospitality industry accounted for the third-largest share of data compromise incidents in general, and the second-largest share of POS compromises in particular. 78% of successful attacks involved credit card data theft.
Recent high-profile breaches have drawn mainstream media attention to the problem. In 2017, for instance, InterContinental Hotels acknowledged that payment card data had been stolen from more than 1,000 of its franchises between September 29, 2016 and December 29, 2016. Trump Hotels saw three major credit-card data breaches in three years between 2014 and 2017, and both Starwood and Hilton experienced significant credit-card data compromise incidents during the same period of time.
The good news is that awareness of cybersecurity’s importance is on the rise within the hospitality industry as well as among the general public. Hotels have built their brands upon a foundation of trust: guests prefer accommodations where they feel safe, and where they can have confidence in the physical security of their possessions. And as industry decision-makers are seeing, a single high-profile breach can do immense—and sometimes irreparable—damage to a hotel brand’s reputation.
But the hospitality industry faces a number of unique challenges that make it especially vulnerable to cyberattacks. Because excelling at creating pleasant and memorable guest experiences is so important to their business model, hotels must keep pace with the evolution of their guests’ technology wants and needs. When guests desire connectivity, hotels offer free Wi-Fi in rooms. When guests want convenience, hotels must maintain immense databases of user information to guarantee ease of payment and continuity of service. When guests wish for personalization, those databases must expand to include increasing amounts of detail.
In fact, almost every step a hotel takes to improve guest experience today is likely to bring an additional cybersecurity risk.
Offering Your Guests Wi-Fi Connectivity
Among all the amenities offered by hotels, the one their guests value by far the most, according to a recent survey by Forrester Research, is excellent Wi-Fi service. In fact, 34% of respondents said they wouldn’t stay in a hotel without it. It’s clear that today’s hospitality industry must meet this demand: guests use this access not only to connect to the digital resources that meet their everyday needs, but also to purchase additional hotel amenities, including food and other room service items, spa or luxury packages, and other add-ons.
But hotel Wi-Fi networks are notoriously insecure, even if protected by passwords that are given out only to hotel guests. Some of these guests may themselves be attackers, as may have been the case with the notorious DarkHotel hack, in which criminals individually targeted specific high-profile hotel guests using sophisticated keystroke-loggers to steal data and system credentials.
Attacks taking advantage of the inherently limited security of public Wi-Fi networks are nearly impossible to entirely prevent. Many of these attacks are enabled by human error, but hotels cannot demand that their guests become better educated about identifying and avoiding threats before logging on to their Wi-Fi networks. Nor can they require guests to access their email accounts or password-protected resources via VPNs. To offer Wi-Fi connectivity as an amenity to your guests is to take on some degree of risk.
Collecting Data to Personalize Guest Experiences
As online booking has empowered consumers to effortlessly compare hotel room rates, hoteliers are increasingly seeking to differentiate their properties on the basis of something other than price. Today’s traveler—especially in the luxury market—expects a highly personalized experience and exceptional customer service. To achieve this end, hotels can leverage data: they can collect and track their customers’ preferences. Everything from the room temperature a guest finds most comfortable, to the name of his favorite newspaper, to the fact that he prefers to check out using an app on his mobile phone can be logged and used to improve his next experience in that hotel.
But the more data the hospitality industry collects, the more carefully it must protect it. Hotels have long accepted credit cards, and are charged with meeting payment card industry (PCI-DSS) security standards. But their systems tend to be complex because they must maintain POS terminals in multiple locations (front desk, restaurant, poolside bar, etc.), so their data tends to be dispersed, and thus more readily accessible. Hotels almost always purchase their POS systems from third-party providers, so they are always vulnerable to system provider-level breaches as well. Because hotels are known to process high volumes of transactions, they are attractive targets for highly sophisticated attacks, and mere PCI compliance is not enough to protect against all threats.
As IoT or “smart” devices come into more widespread use, hotels will be able to automate the personalization of guest experience. But every connected device has the potential to be an attack vector. Electronic room access key systems have already been hacked successfully, locking guests out of their rooms until a ransom was paid in the case of one Austrian hotel. As the number of connected devices increases, this type of attack will only become more prevalent.
The Key to Keeping Hotels Secure
IT infrastructures in the hospitality industry tend to be complex. And they continue to be highly attractive targets. Because of these factors, no single security tool can be relied upon to keep them safe. It’s also unrealistic to assume that an infection will never occur. Hotel security instead demands a layered approach that incorporates multiple tools into an integrated platform, and that offers rapid detection and near real-time response to threats before they become breaches.
Incorporating a Security Information and Event Management (SIEM) system into the arsenal of tools is particularly important for networks that must securely process large numbers of transactions and keep large databases of sensitive information safe. A SIEM examines the behavior of all devices in the network, and creates alerts when there are anomalies. The difficulty with such tools lies in the large number of alerts they are apt to generate, including false positives. That’s why the latest generation of SIEM tools incorporates artificial intelligence to improve the ability to categorize threats. Ideally a SIEM solution also needs human monitoring 24x7x365, so that alerts are never missed, and mitigation is prompt.
Decision-makers in small and mid-sized hotel organizations have worried that such systems are out-of-budget, but a managed detection & response provider can offer enterprise-level solutions at a price point that’s affordable even for smaller businesses. Please come back next week for “Why You Need MDR to Combat Current and Emerging Threats” to learn how MDR can help your hospitality business stay one step ahead of attackers in today’s complex cybersecurity landscape. When you partner with a managed detection & response provider, you’ll be able to incorporate today’s most attractive digital amenities to enhance your guests’ experience without increasing your risk.