6
June 2014
Industry One on One
What are the security issues currently facing the Travel & Hospitality industry?
Question:
Response:
The biggest security issue is that the industry possesses very valuable digital assets that are
attractive to sophisticated adversaries. First, as with many retail industries, the Travel &
Hospitality industry has access to guest credit card information. A strong case study for the
Travel and Hospitality industry would be the Target breach as an example. The estimated black
market value of the sale of the credit cards stolen from Target could soar as high as $4 Billion.
That is a big payday for the hackers who stole the cards, and is likely to strongly incentivize a
new breed of criminals to pursue similar gains in attacks against other companies.
Second, the Travel & Hospitality industry possesses an asset that is not typically common to
other industries: guest safety. Digital locks have for years piqued the interest of both the
research community and the crime community, and as the industry is exploring the use of
customer’s mobile phones to replace keycards and other guest registration functions, that
attack surface will only grow even more serious than it already is. If an attacker can replicate
the hotel access key, the attacker can enter the guest’s room, putting the guest’s personal
safety and property at risk. Such an attack harms a far smaller pool of victims than a
widespread database breach, but the impact of the harm is tremendously personal and violating
in ways that a stolen credit card never could be.
The McLean Group
Ted Harrington, Independent Security Evaluators
Ted Harrington
