Hotels and resorts mostly bring the best memories to all of us, vacations, family time, relaxed ambience, and lots of fun.
The entire life cycle of customer’s interaction with hotel or resort, has multiple stages
1) Interaction with online travel portals
2) Reservation process where personal and financial data is entered in the system.
3) Verification of data and access to hotel or resort property
Inside the premise, the safety and security of guests is mostly dependent on the CCTV infrastructure deployed across the premise. These CCTV cameras are positioned to keep a watch on any untoward incident that may take place and they also help in maintaining the operational readiness of the hotel.
The command-and-control room where VMS receives the video feeds from these CCTV cameras is always in touch with security and operations staff of the hotel and helps them respond to any untoward incident that might have taken place.
In general, any common area, such as passage, lift, halls, recreational areas are covered with these cameras.
For example, 160 CCTV cameras, deployed inside Aloft Dubai are Arecont Vision Costar cameras 1080p from the MegaIP™ series. They are a tailored mix of MegaBall®, MegaDome® and MicroBullet® family models that are deployed throughout the entire facility in both public and secure areas to provide outstanding coverage.
From Cyber security perspective, hotels are also a high value target for personal data, financial data and personal and strategic images.
Most of the hotels deploy a minimal security to protect the customer data and as a result of this in past there has been massive data breached from hotels and resorts.
For example, Marriott Hotels, one of the most iconic brands in hotel industry, was hacked multiple times.
The timeline of the Marriott attack is given below.
The attackers targeted the open and insecure Telnet and RDP, and stole information for 4 years,
In premises, where CCTV shares the same LAN as IT network, most of the CCTV cameras have open Telnet, FTP etc, can allow such cyber heist anytime.
Impact and Implications of the Cyber Attack
The cyber security community, Globally, blamed hotel for it’s lapse of preparedness against Cyber Crimes
Many other hotels have been Hacked, some of the big names are listed below:
TRUMP Hotel
Hyatt Hotel
Mandarin Oriental
Lessons Learnt
• The IT, CCTV security infrastructure at hotels need to be revamped
• Hotels and resorts need to deploy Audit mechanisms to periodically check and detect any cyber-attack or cyber-attack attempt
• Hotels and Resorts must patch their systems regularly
• Customer Data, Privacy needs to be protected at all cost by hotels and resorts
• Hotels and Resorts Must Comply with GDPR and other equivalent standards