Technological advances in the past decade have made a positive impact on the travel and transportation industry in a big way. There is increasing reliance on technology for operations and safety and simultaneously a huge influx of sensitive data input by the customers is seen, which brings to the forefront the need for cybersecurity in strengthening the networks. A lot of personal information such as contact details and pertinent banking information is often asked for and shared on the net. The onus of protecting customer data lies with the travel and transportation industry.
The travel and transportation industry have the highest number of vulnerabilities and are easy targets for cyber criminals. It is estimated that by the year 2025, the cost of cybercrime globally is expected to be about $10.5 trillion, with a 15% increase every year.
Travelers are not aware of the risks associated with logging in details into cyberspace. They carry a wealth of information such as passports, banking details, travel itineraries etc. which when pieced together gives a complete picture. The hackers then use these details for phishing purposes, for identity theft or to sell on the dark web.
Travelers are most vuln erable while travelling as they are distracted and might miss out on some of the most basic cyber security measures. At home, they might have set up firewalls and other preventive measures but while on a journey they erroneously choose convenience over security leading to exposure.
Simple acts such as connecting to a public Wi-Fi or using unverified USBs, or enabling auto-connect puts their devices and information at risk. Apart from holiday travelers, business travelers too are at risk as they carry with them business related sensitive information. Cybercriminals are most attracted to the travel industry because of the economic value the information is worth.
The travel and tourism industry contributes significantly to the global economy. Even though there was a slight dip due to the travel restrictions during the onslaught of the pandemic, the sector has seen a significant rise in the past year contributing to more than 10% of the global GDP.
The past cyber security scenario in the travel industry - The travel industry has always been on the radar of the cyber criminals due to the sheer economic value it generates. Data breaches are common where hackers enter systems and steal personal data worth millions. Even the biggest operators such as the British Airways and Thomas Cook have succumbed to breaches and have had to pay heavily in the past. Serious flaws in the payment authorization processes and inadequate cyber protection by subsidiary units were found to be the reasons for the hacks.
The present cyber security scenario in the travel industry - Although the travel and transportation industry have been lax in the past as far as cyber security was concerned, there has been a significant shift in perspective now, and this sector is going the extra mile to strengthen the cyber security posture of their organisations. A large amount of customer data is in the hands of the hospitality groups, tours and travel companies, airlines, car rental companies etc. which are easy targets for the cyber criminals. Online platforms and booking portals are in vogue now and are used extensively by a majority number of users, leaving networks with low security susceptible to hacks. Third-party vendors are another route to target bid companies if they are not adequately protected.
The future of cyber security in the travel industry - Now that the travel sector has woken up to the risks and threats involved in maintaining poor security standards, they are coming up with fool-proof strategies to counter breaches and protect customer data. Some suggestions to strengthen cyber security systems are:
The most common form of cyber-attack; it acts as an effective tool by tricking the unsuspecting user into clicking innocuous looking emails by posing as genuine promotional or other company related emails. The emails look legitimate to the customer who clicks on it presuming that they are genuine. Common forms of phishing are whale phishing and spear-phishing emails. In whale phishing form of attack, managers at a higher level are targeted, whereas spear-phishing is targeted at company employees in order to breach and access the computer systems.
DDos Attacks -
A Distributed-Denial-Of-Service attack is aimed at the company’s servers by increasing traffic to such an extent that the online services are halted. They hold the company to ransom and extort financial gain in order to restore the systems.
Malware and ransomware -
These are forms of malicious software that can infect and corrupt data once they have access to data. These systems are then held for ransom. The malware or ransomware can either destroy data, install spyware or inflict further damages to the systems by incorporating harmful malware across the entire network.
Man-in-the-middle attack -
It uses unsecure Wi-Fi to infiltrate and steal data of a two-party transaction. It can also carry out this form of attack using software installed on the victim’s device.
SQL Injection -
Using Structured Query Language (SQL) to insert malicious code into servers to reveal sensitive information. This can also be carried out by inserting malicious code into the search box of a website.
DNS Tunnelling -
It masks outbound traffic and hides data or procures it from a compromised system. It further sends commands to obtain information.
Cloud Jacking -
Target businesses that use cloud storage and infiltrate their systems and use the resources for cryptocurrency mining
AI-powered cyberattacks -
Artificial intelligence is used to trick consumers into disclosing personal or financial information by mimicking human behavior
Cyber-attacks using vehicles -
Car rental agencies are especially vulnerable where vehicles are accessed to track an individual’s location and steal personal data, itinerary, driving histories etc.
Creating artificial/synthetic identities -
Using stolen identities to create fabricated credentials. For instance, the stolen date of birth and social security number will be associated with the wrong physical address
Deepfakes and deepfake voice technology -
Using artificial intelligence to create videos or images that appear real to incriminate individuals of actions not done by them
It is clear that no sector or industry is spared from cyber-attacks. An attack is not a fatality, an organization can recover from it provided it acts quickly and turn the crisis into a learning advantage. Due to the diverse nature of websites, it is difficult to lay down precise guidelines to thwart attacks, yet a generalized observation of certain recommendations are given below: