Share

Cybersecurity: hackers don't go on holiday, cyber attacks in tourism are growing

Tourism is growing, but so are cyberattacks. Verizon's 2024 DBIR reveals more than 220 incidents in the hospitality industry, with 106 confirmed data leaks. Social engineering and web application vulnerabilities are responsible for 92% of breaches

Cybersecurity: hackers don't go on holiday, cyber attacks in tourism are growing

Il hospitality sector, characterized by continuous expansion and sustained growth, is today the target of cyber threats increasingly sophisticated. The Data Breach Investigations Report (Dbir) 2024 by Verizon Business offers a detailed insight into the current situation, highlighting over 220 security breach incidents in the industry, with 106 of these involving a confirmed data loss. And what are the main cyber attacks? The Dbir 2024 indicates that the 92% of violations in the hospitality industry it is mainly caused by two types of attacks: social engineering and basic web application vulnerabilities.

A growing sector but vulnerable to hackers

In the 2023, the tourism sector reached a direct gross domestic product of $3,3 trillion, representing approximately the 3% of global GDP. This growth does not protect it from increasingly sophisticated threats such as cyber attacks: the expansion of the sector and the increase in tourist flows, especially in the summer period, together with the growing digitalisation of operations, have made the sector particularly susceptible to attacks, offering to hackers new opportunities to attack.

With over 200 incidents recorded, cybersecurity has thus become a key priority. Cyber ​​attacks not only cause reputational damage and loss of customer trust, but the main risks also include credential compromise (50%) and gods personal data (28%), which are prime targets for cybercriminals, driven primarily by economic reasons.

The main cyber attacks in the tourism sector

According to the DBIR, the 92% of breaches in the industry It is caused by two main types of attacks: social engineering and core web application vulnerabilities. The attack via social engineering is constantly increasing and represented 25% of incidents while the pretexting, a specific form of social engineering attack, has more than doubled in frequency to 20% of cases.

Il ransomware, together with social engineering, is confirmed as one of the main cyber threats. representing 35% of accidents in the sector. However, they do not grow malware attacks with extortion purposes which remained stable at 16% of incidents. Another positive aspect that comes from the report is the reduction of attacks on Point of Sale systems (PoS). These attacks, which had reached 2023% of incidents in 41, dropped to 19%. The is attributable to the widespread adoption of chip-equipped payment cards, which offer greater protection against fraud.

“The realities of the hospitality industry, today more than ever, are faced with increasingly sophisticated system intrusions and breaches – he observed Antonio Cristini, Sales Director Enterprise Italy and Spain, Verizon Business Group – The rise of threats, such as social engineering and ransomware, highlights the importance of strengthening the digital defenses of companies of all sizes. Furthermore, since most attacks come from outside, secure configurations, vulnerability management and network control are key factors to effectively reduce risks.”

comments