21 December 2018
Will Marriott Data Breach Herald the Death of Personalization?
In the context of the Marriott data breach, Greg Abbott, SVP of Travel & Hospitality at DataArt, shares with Hospitality Net the reasons why security is not on the hospitality companies’ agenda and proposes measures to prevent data breaches.
“First of all, there is no upside to security. It doesn't drive new revenue or customer acquisition, making the "cost" of increased security measures difficult to justify (until now, anyway).
Furthermore, hotels' complex, distributed IT systems (internet booking engines, distribution systems, customer relationship management and hotel local systems) call for sophisticated, multi-dimensional, and expensive security measures. Most organizations focus on their perimeter security at the expense of breach detection and response within the internal network.
They simply ignore the fact that attackers need only find a single flaw in a vast landscape, while defenders need to cover the entire attack surface. Even if they do so, there is a range of "unfair" attack methods, including social engineering, zero-day flaws, and insider attacks, that are not possible to cover by perimeter defense.
Hotels need to subscribe to regular audits and penetration testing of their infrastructure, both internal and external.
‘Red teams’ use various techniques, including social engineering, phishing, or posing as a company employee, to penetrate the internal network. During such simulated attacks, companies get a realistic view of their defense capabilities.”