Is the hotel industry getting left behind when it comes to cybersecurity?

  • Phishing: This remains the most prevalent and effective means of cyberattack. The more sophisticated phishing campaigns are often augmented by inside knowledge on the target.
  • Web applications: Web applications are a very easy target for hackers because they can be attacked remotely via the Internet. Hotel websites typically store lots of customer and payment data on their back-end systems.
  • Denial of Service (DoS) attacks: Multiple hotels have reported availability issues with their room management and booking systems due to DoS attacks. In at least one case this forced the hotel to revert to paper-based systems.
  • Point of Sales (PoS) devices: Hackers install malware on PoS devices that allows them to ‘skim’ customer payment information. This data can then be leveraged for financial gain.
  • Wi-Fi: Without the appropriate design and configuration, Wi-Fi provides hackers with an entry point through which to mount attacks on other guests and any connected network or physical system.
  • Ransomware: The primary purpose of a ransomware attack is to deny the target’s access to sensitive information in order to blackmail them for financial gain.
  • Digital door locks: A vulnerability was found in one of the most widely used digital lock systems. The attack became so popular it was used in the TV show Mr Robot, while also appeared in numerous YouTube videos .
  1. New and existing web and mobile applications — for example, guest registration, loyalty programmes and booking systems
  2. New and existing infrastructure — for example, payment systems, WiFi, automated access control security systems
  3. Physical devices — for example, automated access control security systems, smart TV’s and entertainment systems, HVAC and lighting systems
  4. Supply chain: A businesses supply chain can become a target for attackers if they identify a weakness in third party applications or infrastructure that allows them to circumvent your security systems. Hotels are often required to share large volumes of data with their supply chain, meaning it is equally critical that third party systems are assessed and scrutinised to the same extent as your own organisation’s.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Leading with strategy, design and architecture, we connect cloud, data, and cyber to engineer and deliver large-scale, complex transformations.