It’s interesting when several IT stories, each of which we’ve discussed individually, come together. They emphasize just how well IT specialties complement each other. Today is such a case.
Data breaches happen so often we’re becoming de-sensitized to the news reports. Breaches affect industries where customer information should always be secure. These include banking, insurance, government agencies and lately, the healthcare industry. These all highlight why traditional, preventative network security is not enough in today’s threat landscape.
We’ve also discussed using CRM in hospitality to improve both customer experience and bottom line.
Today, these seemingly unrelated topics come together.
Hotels under cyberattack
One cyber-target that doesn’t receive as much attention is hospitality. Sure, we hear about bandits swiping credit card information and running up customer balances. But we don’t think much about it happening in hotels and resorts. Maybe the news feeds aren’t as loud about it as they could be.
Yet when it does happen, large numbers of guests don’t hear about it for months or even years.
Last week, Grand Sierra Resort notified its guests that their credit card data “may have been affected.”
Grand Sierra is hardly the only notable hotel chain to experience a breach. Last month, one of Donald Trumps’ luxury hotel chains announced a breach investigation. Even big names like Hilton and Westin admit to being recent victims of malware and other attacks.
What’s all this delay?
It’s not surprising such high-profile resorts and casinos are targets for data hijackers. After all, credit card information on high-rollers makes an irresistible target for thieves.
What makes Grand Sierra’s admission significant is the dates when the actual breaches occurred. The time periods announced were February to March 2014 and March to August 2015. Neither long-running breach was “noticed” or reported to authorities until September of last year.
The investigation concluded in January of this year, yet the resort is just now disclosing it in April 2016. That means, for some customers it’s been almost two years since their data was stolen. How much damage can a thief do to a person’s credit in that time?
Connecting CRM to active intrusion detection
Most major hotel and casino chains have implemented sophisticated CRM solutions. These applications categorize guests, personalize the guest experience, focus marketing efforts and more. As a result, the hotel gains staff efficiency, new and repeat visits, and guest satisfaction.
Without robust security, these systems are a treasure trove for black hat hackers. Firewalls and malware blockers aren’t enough anymore, especially in today’s cloud-based infrastructures. And neither is traditional network security and event monitoring. If they were, why would it take 8 months to notice an intrusion – or 18 months in our case in point?
The only way to stay ahead of the black hats is with real-time intrusion detection. Coupled with threat intelligence and top-notch white hats testing vulnerabilities, you’ll know about an attack or the risk of an attack right away. That way, if a breach happens, you can react while the trail’s hot—not months later.
Still relying on traditional network monitoring to protect your applications and data from intruders? SimpleSecure, Paranet’s unified security management platform can help. Schedule a consultation to learn more.