Data breaches are growing increasingly common, with millions of people falling victim to them every year. They can range in severity from a stolen email or password to personal credit card or banking information. Rapid software innovations and cloud computing can easily leave users and companies alike exposed to hackers. As technology networks grow more complex, there are an increasing number of channels that must be protected, maintained, and secured.
Governments around the world are working to enact new laws to bring data security front and center. The European Data Protection Regulation, also known as GDPR, has tightened the use and collection of personal data and increased potential fines for companies in violation. Its impact has been felt in the hospitality industry, where data security has long been a sensitive issue.
Now more than ever, technology providers are being put under a microscope by hospitality organizations looking for the highest levels of data security as well as system performance. We turned to Jay Hilyard, Application Security Director at Amadeus, for his advice on what hoteliers should do to ensure their guest and staff data remains secure.
Amadeus: Why have data breaches become so widespread?
Jay Hilyard: Cloud-based software is a major culprit. The hospitality industry is increasingly moving away from hosting software on-premise in favor of flexible, faster, and easier to maintain cloud-based technology. However, this also increases the risk of a data breach since there are so many connection points that a potential hacker can target and steal information from.
A: How easy is it to breach modern technology?
JH: If a company doesn’t have a robust security program, it’s surprisingly quite simple. For example, in 2016 a group of college students created a virus that was powered by something called the Mirai botnet. It wasn’t complex and didn’t require a lot of experience to build. This botnet tool was then used to compromise a multitude of IoT devices and cloud-connected hardware like CCTV cameras, which took down the internet across most of the Eastern seaboard. If a few students with computers can do that, hoteliers need to be aware and ask the right questions when investing in companies that are going to store or transfer sensitive data.
A: How can hoteliers identify suspicious activity within their systems?
JH: First, it’s important to understand the technology you’re using, and what normal application behavior looks like. When new providers enter the market, their software doesn’t have a lot of historical data detailing normal system use. Without this, malicious activity can be easily overlooked or go unnoticed. When improving data security, it’s important for hoteliers and technology providers to prioritize analyzing this behavior. Amadeus has spent 30+ years tracking and identifying behavioral patterns within our applications. That data allows us to effectively understand when someone is behaving maliciously and develop proactive measures to prevent potential theft.
A: Why is it so important for hoteliers to learn about data security and become more involved in their network?
JH: Many times, hoteliers assume their technology partners are on top of the issue. And frankly, they should be able to put their trust in companies like us. In this day and age, there are still many technology providers who struggle with the capabilities or resources necessary to secure sensitive data. Before a hotelier thinks about investing in a shiny new product or solution, they should research the company. The last thing a hotelier should have to worry about is switching vendors because their first investment led to a costly data breach.
A: Can you explain more about the level of security we provide our customers?
JH: Data security has been a key focus throughout our three decades in business because we put our customers first. We constantly analyze trends in the market and innovate our technology to answer new challenges and problems our customers need help solving. Every technology solution we offer has a dedicated IT security team focused on ensuring that we have a robust and stable level of protection for our customers. Security by design and Privacy by design are considered from the outset. We also know that compliance for data privacy is already a global trend. GDPR, Russian Citizen Data privacy laws, and even states like California are enacting rules about data protection and localization requirements. Amadeus is already addressing these requirements to ensure that our products and solutions have relevant functionality to meet customer requirements. We always want to make sure our customers are prepared for the future by focusing on these issues at the beginning and during the development process rather than as an afterthought.
It is important to know where your IT department and your technology providers stand on data security so you ensure alignment. Take the right steps by outlining a plan forward. Engage with your teams that are utilizing technologies and understand your priorities.
Our goal at Amadeus is to keep the hospitality industry moving forward with industry-leading cloud-native solutions that focus on creating better end-to-end experiences for travelers. If you would like to learn more about data security, and what the right questions are to ask about data security contact us today!