  • November 25, 2024

Cybercriminals are increasingly targeting the travel and
hospitality industry during peak seasons, exploiting the surge in online
activity to launch attacks. A recent report by Cequence revealed that all top
10 travel and hospitality websites have significant vulnerabilities, putting
millions of travelers at risk during high-traffic periods like Labour Day.

Cequence’s research, conducted using their API Spyder tool,
uncovered serious flaws in these websites’ public-facing assets and cloud
infrastructure. Alarmingly, 91% of the most severe vulnerabilities were found
in just four companies. These include weaknesses that allow man-in-the-middle
(MITM) attacks, where cybercriminals can intercept and manipulate user
communications.

Adding to the concern, 8 out of 10 companies had publicly
accessible non-production or internal application servers—often overlooked and
unmonitored, making them easy targets for attackers. One company was discovered
to have over 300 such exposed servers.

The issue of ‘cloud sprawl’—the uncontrolled expansion of
cloud services—also emerged as a significant risk factor. Driven by factors
like acquisitions and siloed departments, this sprawl increases the number of
public-facing cloud instances, broadening the attack surface. The analyzed
sites were using between 5 and 21 different hosting providers, complicating
security management.

Vercara, now part of DigiCert, provided supporting data
showing that cyberattacks, including Distributed Denial-of-Service (DDoS)
attacks, spike during peak vacation times. November 2023 saw the highest number
of DDoS attacks against the travel industry for the entire year.

William Glazier, Director of Threat Research at Cequence,
warned, “Travellers are at risk during peak vacation times, with cybercriminals
seizing the opportunity to strike.” The consequences include financial loss,
identity theft, disrupted travel, and significant reputational damage for
businesses.

As these vulnerabilities are addressed, companies must also
prepare for the upcoming Payment Card Industry Data Security Standard (PCI DSS)
Version 4.0, mandatory from March 31, 2025. Non-compliance could result in
fines, transaction disruptions, and increased data breach risks.
