Data Breach Threat Grows for Hotel Companies As Cyberattacks Evolve - CoStar

Excerpt from CoStar

Data breach security and insurance experts spoke at the Hospitality Law Conference Washington, D.C., about growing threats for cybersecurity and the increasing difficulty in getting insurance coverage.

The threat of data breaches continues to grow for hotel companies as hackers’ methods of infiltration further evolves.

Though many parts of business slowed or paused during the pandemic, data breaches as a whole did not. Hotel companies are still a popular target for data thieves looking to gain personal information of guests and employees and monetize them or to hold sensitive information for ransom.

During the Hospitality Law Conference Washington, D.C., experts in data breaches and insurance spoke about how these breaches have changed and how best to respond to them.

A Growing Threat

The data breaches have been nonstop with news breaking every month of another breach, said Dale Buckner, CEO of security solutions company Global Guardian. COVID-19 further complicated data security because of how many people have been working from home.

The issue is that if a company has its employees working from home, they’re running systems that connect back to the company. The employees may be using routers that are 10 years old and haven’t been updated using a weak password without an encrypted virtual private network. The Wi-Fi network they’re using may be open to the neighborhood.

“If you don’t issue a company phone that has an encrypted end-to-end VPN on it where everything is encrypted and protected, or you have employees bringing their own device, it’s wide open,” he said. “These are all ways into your company. You are completely exposed.”

Until corporations are willing to issue work laptops and phones to employees and actually protect those devices, it doesn’t matter what insurance, software or platform they have, Buckner said. Eventually, companies won’t be able to get insurance to protect against data breaches. He said his own company has seen cyber insurance costs increase by 65%, and his company has a specialty in cybersecurity.

When hackers get past a company’s security and hold vital information or operations for ransom, they used to hold out for higher figures, he said. Now the amounts are for tens of thousands up to a couple hundred thousand dollars, but they’re doing it at scale.

“Now, it's just high volume, low rates,” he said. “They know you'll pay it typically. They know you're insured for it, and it'll go — in some cases or not. But ultimately, that's how that entire industry has changed.”

Click here to read complete article at CoStar.