Commentary: Primary cyberthreats to airlines and tourism in summer 2021 

Digital transformation is invaluable in helping businesses in the tourism and hospitality field remain competitive in today's market, but it also provides an entry point for cybercriminals to strike, writes Kim DeCarlis, CMO at PerimeterX  

Commentary: Primary cyberthreats to airlines and tourism in summer 2021 

BIGSTOCK/ Copyright: Mihailo K

By Kim DeCarlis

Welcome to summer 2021. The sun is shining. Travel restrictions are easing. For the first time in quite a while, people are venturing outside their homes and making plans to explore the world. The past year has been difficult for the travel and hospitality industry, but things are looking up. 74% of travelers surveyed globally plan to take at least one overnight leisure trip in 2021 and 64% plan to take more than two, according to a recent TripAdvisor survey.

Chief among travelers’ concerns are cleaning and hygiene practices, so it’s no surprise that businesses are allocating resources to provide enhanced sanitation. But while organizations and the public are focused on the physical safety of business and personal travel in a post-pandemic world, another threat is looming online.

Digital transformation accelerates your fraud risk

Strict lockdowns accelerated digital transformation as people spent more time at home on their devices — and the travel industry was no exception. More than 75% of C-suite executives say the pandemic re-shaped their future and emphasized the urgent need to focus on digitization. In response to the times, many hotels are expanding digital services, like online check-in and contactless room service for guests who are wary of in-person interactions and accustomed to the convenience of digital transactions.

Digital transformation is invaluable in helping travel and hospitality businesses remain competitive in today’s market. Unfortunately, it also provides an entry point for cybercriminals to strike. And as digital traffic to airlines, hotels, and online travel agencies grows, so do the cyberattacks plaguing the industry.

There are four primary cyberthreats to travel and hospitality companies’ web and mobile applications.

Account Takeover

Account takeover (ATO) attacks occur when cybercriminals use stolen credentials to take unauthorized ownership of online accounts on your site. There are an estimated 3.27 billion stolen usernames/passwords available for purchase on the dark web, and all it takes are a few winning combinations to wreak havoc.

Businesses lose billions of dollars each year to ATO attacks, and the travel industry is an especially ripe target. Why? Customer loyalty. In addition to credit card and bank information, airline and hotel accounts hold loyalty points and frequent flyer miles. Attackers can easily transfer points from one account to another and use them to make high-value purchases. Many airline and hotel loyalty programs offer marketplaces, so hackers can do business out in the open.

Digital Skimming

Digital skimming, also known as Magecart, is when an attacker steals personally identifiable information (PII) from website visitors. Taking advantage of security weaknesses in the third-party JavaScript and open source libraries that comprise today’s websites, criminals inject malicious scripts, designed to skim credit card data and other sensitive information, into the code.

Magecart attacks have compromised millions of users and hundreds of thousands of websites, including those of Delta Airlines and British Airways. Overall, there were 425 Magecart incidents per month in 2020.

It’s not hard to imagine the negative impact that digital skimming can have on your company. Magecart attacks cost businesses anywhere from $2.5–$3.92 million, and this goes far beyond initial losses. Damages to brand reputation and consumer trust, not to mention government fines, can cause a dip in your stock value and negatively affect your long-term growth and profits.

Web Scraping

Web scraping bots crawl your site to capture pricing data and product descriptions at scale. In fact, up to 20% of daily traffic on online travel sites is from price scraping bots that enter fake user information to get the most current prices.

In an industry marked by fluctuating rates for plane tickets and hotel rooms, maintaining secrecy around your pricing moves is necessary to stay ahead of competition. Similarly, creating unique and compelling product descriptions, reviews and inventory data can help you stand out. When bots scrape this information, it can be detrimental to your business. When competitors republish your content, they can look more established and reputable. This degrades the value of your website content because it is no longer exclusive and unique to your brand. In addition, your SEO can take a hit when search engines detect pages with duplicate content or erroneously assume that your site is the one with stolen content.

Skewed Analytics

Data is the name of the game for online travel businesses. Whether you’re tracking conversion rates, page visits, or look-to-book ratios, analytics are at the root of every business decision. So if your data is incorrect, it can directly lead to bad decisions that result in massive losses. Bots account for more than half of the traffic on travel sites, distorting your metrics. Even bots that are helpful to your business, such as search engine crawlers, still influence your numbers. For businesses without a bot management solution, the possibility of skewed analytics is a certain reality.

Travel and hospitality companies rely on supply and demand to understand their audience and drive pricing. Bots harm your ability to leverage data to intelligently adapt business strategy — a must in today’s ever-changing market. Cyberattacks are almost a certainty for every online travel and hospitality business. But just because you will face an automated fraud attack doesn’t mean you have to become a victim.

 

Kim DeCarlis is CMO at PerimeterX

You might be interested also