Hotel chains and tourism outfits don’t have to look far to find the source of most data breaches -- they only have to examine their own terminals, according to a study by digital security
firm BitSight.
The biggest breach type in the hospitality field is at the point of sale (POS). Web apps are the second most likely conduit of attack, and are the top threat in retail. While
email does not appear to be a major avenue of attack, it is part of the picture.
“Some (but not necessarily all) of the breaches involved in this research included the compromise or loss
of email addresses,” says Stephen Boyer, CTO and co-founder for BitSight.
A BitSight blog post on the study says the retail and hospitality industries are
“commonly regarded as ripe targets for POS attacks due to the large amount of brick-and-mortar locations with exploitable payment terminals.”
The post adds that
hospitality companies “would do well to take specific actions to address their risk of POS attack such as monitoring endpoint security and ensuring data is safe behind properly configured
firewalls.”
Web apps account for over 25% of the incidents observed, the post continues. Also ranked in the top three breach types is the category "other." Although listed
in the low single digits, the other retail threats include crimeware, error and lost/stolen asset.
Not all the news is bad. The BitSight blog post also reports that both
industries “show a slight decline in security events during the holidays.”
To explain the decline, the post says “it is possible that controls
and security practices are stepped up as the holidays approach, or that companies are simply too busy during this season to report breaches as they occur (this might also explain spikes early in the
year).”