The travel industry faces an increasingly complex cybersecurity threat landscape, with technological advancements and distribution facilitating more sophisticated attacks. These threats concern industry experts as well as the general public, who are exposed to widespread scams, especially through online travel agencies (OTAs) and hotel groups.
According to Adyen’s Hospitality Report 2024, 71% of guests are concerned about the risk of fraud when booking travel. Airbnb reported that the most common types of fraud in the United Kingdom are credit card, phishing, and holiday scams. In response to these threats, Airbnb launched an awareness campaign in partnership with Get Safe Online.
Fraudsters are also exploiting artificial intelligence (AI), with nearly two-thirds of UK adults failing to identify AI-generated images of fake properties. Booking.com reported a significant increase in phishing attacks due to the prevalence of AI tools. Despite this, Josh Jacobson of cybersecurity firm HackerOne pointed out that most travel industry vulnerabilities are still considered ‘low-hanging fruit’ and are relatively easy for attackers to exploit.
The Identity Theft Resource Center reported a surge in software flaws as the root cause of most data breaches. Brands often cannot prevent consumers from falling prey to these attacks and can only educate them about potential threats. Booking.com, one of the largest OTAs, continuously invests in advanced technologies like AI and machine learning to detect and block threats.
The travel industry’s fragmentation and the increasing number of booking channels present another cybersecurity challenge. Experts warn that third-party vendors often lack robust cybersecurity protections, making them prime targets for supply chain attacks. The increased touchpoints of customer data with each new integration also increase the attack surface.
Looking into the future, Andersen Cheng, CEO of cybersecurity company Post-Quantum, warns of a global threat called “Harvest now, decrypt later.” This involves hackers stealing large amounts of encrypted data and waiting for more powerful computers to unlock it. In response to this existential cybersecurity threat, Cheng recommends using “attestation” over “authentication” in the travel industry.
Businesses that succumb to fraud face severe financial and reputational consequences. Experts highlight that the cost-benefit of cybersecurity always favors the attackers, as they spend a fraction of what defenders do because norms and laws do not bind them.
Despite the rising threats, the human element is a powerful and possibly underestimated protection against fraud. Experts suggest that educating employees and requiring them to take phishing and cybersecurity training could be one of the most effective measures to counter these threats.
Discover more at PhocusWire.
Categories: Technology
