
Cybersecurity challenges in the HTL sector

Safeguarding your business against threats

Daniel Sibthorpe, Senior Manager, Forensic Services
The Hotel, Tourism and Leisure (HTL) sector has become an enticing target for cyber threats due to its reliance on Internet of Things (IoT) devices, extensive supply chains and the vast amount of sensitive customer data it processes. As the industry embraces digital transformation more extensively, it becomes vulnerable to a range of cybersecurity challenges that have come to light in recent years. With notable data breaches affecting leading hotel chains like Marriott Group, Hilton Hotels and Premier Inn, cybercriminals are persistently drawn to targeting the sector.

What challenges is the sector facing?

One of the primary cyber threats faced by this sector is data breaches. Hotels and travel agencies store extensive personal information, including names, addresses, payment details and travel itineraries. If a cybercriminal gains unauthorised access to this data, it can be exploited for identity theft or financial fraud, or sold on the dark web. The fallout from such breaches not only damages the affected individuals but also tarnishes the reputation of the targeted businesses.

Ransomware, which encrypts critical files and demands a payment for their release, is one of the favoured methods of extortion used by cybercriminals. Such attacks can disrupt operations, leading to financial losses and causing severe inconvenience to customers. The interconnected nature of the sector also makes it susceptible to supply chain attacks. Cybercriminals may target smaller vendors or third-party service providers that have access to a larger network. If these peripheral entities lack robust cybersecurity measures, they become potential entry points for attackers seeking to infiltrate the systems of major hotels or travel agencies.

Phishing attacks are also a persistent threat to the sector. Cybercriminals often disguise themselves as legitimate entities, sending fraudulent emails or messages to trick employees into divulging sensitive information or clicking on malicious links. Given the sector’s reliance on online bookings and reservations, customers are also susceptible to phishing attempts that may lead to the compromise of their personal data.

The increasing use of IoT devices in the HTL sector introduces additional vulnerabilities. Smart room controls, keyless entry systems, and thermostats provide convenience for guests but also present potential entry points for cyber-attacks, so there is a trade-off for organisations in the HTL sector to consider. Without robust security measures, these devices can be exploited to gain unauthorised access to networks or even disrupt hotel operations. To mitigate these cyber threats, the HTL sector must prioritise cybersecurity measures. This includes implementing robust encryption protocols, regularly updating software and systems, conducting thorough employee training on cybersecurity best practices, and investing in advanced threat detection and response mechanisms.

How can we help?

Our Forensic Services team have the tools and techniques used by cybercriminals to check your organisation for vulnerabilities – we see what they can see. Not only can we use our advanced penetration testing tools to assess your organisation’s infrastructure, but we can also provide adequate training for your employees to help mitigate the threat of phishing.

For more information, please contact Tim Robinson or your usual Crowe contact.


Contact us

Tim Robinson
Partner, Forensic Services