AI: More convenience, efficiency—and cybersecurity risks

AI: More convenience, efficiency—and cybersecurity risks


GLOBAL REPORT – The possibilities for
artificial intelligence (AI) are expanding exponentially in the hospitality
industry. Around the world, hotels are already reaping the benefits of AI to
streamline operations and enhance guest experiences.

For example, hotels are implementing the use
of AI-powered chatbots to act as virtual concierges, instantly responding to
guest queries, offering 24/7 support for room service and other amenities, and
even using predictive analytics to provide personalized recommendations for
things like dietary preferences and room upgrades. AI-integrated Internet of
Things (IoT) systems, meanwhile, give staff seamless behind-the-scenes control,
with hospitality companies using the technology to monitor energy consumption
and optimize lighting, heating, and cooling in their properties.

But energy monitoring and temperature control
are just scraping the surface of what AI can do for hoteliers. In Las Vegas,
construction is underway on a new “smart hotel” that promises to be the world’s
first truly AI-powered hotel, leaning on the technology for top-to-bottom
optimization with dynamic room allocation, a “gamified Q&A session” for
check-in, and a do-it-all concierge AI system and personal assistant.

While AI can bring
greater convenience for guests and improved efficiency for hoteliers, it also
creates new cybersecurity challenges and opportunities for cyberattacks.

Check-In kiosks create opportunities for data theft
AI can personalize guest experiences, streamline reservations and check-ins,
and even optimize housekeeping schedules. But doing all this requires data. A
lot of data. For hoteliers, this creates new concerns for data privacy—and new
opportunities for data theft.

Quote

Unfortunately, despite the growing popularity of IoT in hospitality, the devices remain notoriously insecure, making them an attractive target for cyberattackers.

To automate check-in from start to finish,
self-service kiosks must collect and process scores of guests’ personal and
financial data (e.g., credit card numbers, names, addresses, and other personally
identifiable information known as PII). In doing so, they become a virtual
stockpile of sensitive information—and an attractive target for hackers hoping
to steal PII and sell it on the dark web.

Hackers can compromise self-service check-in
kiosks via malware, brute-force, or other attacks. When they do, they can not
only make off with guests’ data but potentially infect a hotel’s entire
network.

IoT devices introduce
more (costly) vulnerabilities

Similar risks arise from IoT devices. Modern hotels aim to create completely
seamless, personalized guest experiences with smart locks, smart thermostats,
and many other IoT devices. But these IoT devices have also become a target for
threat actors.

By hacking into just one insecure IoT device,
bad actors can potentially gain unauthorized access to a hotel’s entire
network, setting the stage for more cyber incidents like ransomware attacks,
data breaches, etc. In fact, a Forrester report shows that “34% of enterprises
that fell victim to a breach via IoT devices faced higher cumulative breach
costs than cyberattacks on non-IoT devices, ranging between $5 million and $10
million.”

Unfortunately, despite the growing popularity
of IoT in hospitality, the devices remain notoriously insecure, making them an
attractive target for cyberattackers.

Third-party service
providers add another layer of risk

Hacking on-site devices isn’t the only way bad actors can infiltrate hotels’
networks. They can also take advantage of a hotel’s third-party connections to
gain unauthorized access and disrupt operations.

Quote

Bottom line: Working with AI service providers can greatly enhance hotel operations—but it also expands your supply chain and introduces new opportunities for cybersecurity risks.

For example, hoteliers often enlist the help
of a third-party vendor to manage an AI-powered chatbot or self-service
check-in kiosk. While this means the hotel offloads the work of building and
maintaining the technology, it also means relinquishing full control and
visibility of all the data these systems collect and process (i.e., hotel guests’
PII).

Nonetheless, in the event of a cyber incident
and data breach, the impacted hotel is the one responsible for the loss of
customer data, as well as the legal and financial repercussions that come with
it.

Bottom line: Working with AI service providers
can greatly enhance hotel operations—but it also expands your supply chain and
introduces new opportunities for cybersecurity risks.

Protecting your hotel
from new AI cybersecurity risk

Undoubtedly, integrating AI-powered technology brings new cybersecurity risks
for hotels, such as more complex supply chains, greater IoT vulnerabilities,
and new opportunities for data theft. But slowing AI adoption isn’t the right
course of action either—not when considering the many opportunities for ROI on
AI in hospitality.

Instead, hotels can take a cyber-focused
approach to AI integration by prioritizing best practices like:

Strategic data collection: Limit guest data
collection as much as possible. By only collecting and storing what’s
absolutely necessary, hotels can mitigate the damage of potential data
breaches.

Data encryption: Guest data should always be
kept secure—both when it’s being shared and when it’s being stored—by using
strong encryption methods to protect it from unauthorized access.

Network segmentation: Divide the hotel’s
network into isolated segments (e.g., Wi-Fi, IoT devices, etc.). This way, if
bad actors do successfully hack IoT devices or check-in kiosks, the breach can
be contained by limiting their ability to move across systems.

Third-party security assessments: Regularly
audit third-party service providers’ cybersecurity postures to identify cyber
risks in your supply chain (and take steps to mitigate them) before hackers get
a chance to exploit them.

For proactive protection from new AI-related
cybersecurity risks, participating in specialized industry intelligence-sharing
initiatives
is key to a comprehensive defense strategy. By joining forces with
other hospitality organizations, individual hotels can dramatically increase their
own cyber intelligence to stay on top of evolving threats—and stay one step
ahead of hackers.

Contributed by Pam Lindemoen, chief security
officer and vice president, R&H ISAC, Vienna, Virginia

The views and opinions expressed in this
content do not necessarily reflect the opinions of Hotel Investment Today by
Northstar or Northstar Travel Group and its affiliated companies.



Source link