The cost of data breaches continues to skyrocket and is taking center stage in the boardroom. The employment market for cyber security professionals is extremely competitive. Aside from internal roadblocks, technology tools are evolving rapidly, and it is getting harder to decipher the best solutions to both complement a business and diminish risk.
Attackers are working together, selling or trading information to gain illegal access to hospitality systems. But there is power in numbers, and it’s time the industry unites to defend against these powerful dangers.
Emily Wilson is marketing manager of Hospitality Technology Next Generation.
There are many different silos of security information to be shared, including exercise responses, readiness levels, decision-making, budget priorities, alerts and warnings, network activity, situational awareness and more. The collaboration of all of this information ultimately allows companies in the same space to collectively defend customers, staff and assets against the evolving threat landscape. Organizations also can multiply their knowledge and mitigate risk much more quickly than if they were working independently.
This idea of collaboration became prominent through a U.S. presidential executive order in 1998 that mandated major infrastructure sectors to create organizations to share security information among companies inside those sectors.
These organizations, Information Sharing and Analysis Centers (ISACs), help owners and operators in a sector work together to protect their data from security threats. ISACs exist for industries including electricity, financial services, information tech and more. These organizations curate and share critical information around cyber and physical security as quickly as it happens in a confidential matter.
Many companies have experienced a range of attempted attacks, so it is important for these ISAC groups to coordinate responses and to develop best practices, architectures and other materials that grow the security posture in their industry. If an attacker gets through one person or system, it won’t be too long until that attacker tries the same method on the next, and the next.
Travel and Hospitality ISAC
It is a pivotal point in time to bring this same collaborative focus around cyber security and defense to the travel industry. When an individual “travels,” their journey encompasses touch points from rail, to rental cars, hotels, cruise lines, travel management companies and more. These sectors need to secure the entire travel experience for their guests.
In late 2018, the Hospitality Technology Next Generation (HTNG) launched the Travel and Hospitality ISAC. This group evolved from HTNG’s Chief Information Security Officers (CISO) Forum, in which top-level hotel security officers and analysts participated. As more activity around cyber security crimes surfaced, in under a decade the CISO Forum grew to represent, and uphold active participation, from over 25 global hotel brands. It’s critical to continue to leverage not only those directly in the industry but to dive further into overlapping industries.
Having a specific group of participants to evaluate how malware can develop and determine ways to accurately mitigate risk is critical to the security of each participant’s organization and strengthens the entire ecosystem.
Moving forward, the Travel and Hospitality ISAC platform, and other industry ISACs, are expected to grow exponentially as a multitude of industry-level cyber security analysts generate threat intelligence for their respective audiences.