Psybersafe Blog

Read our short, informative blog posts to understand more about cyber security and how people’s behaviour is key to improving it.

Can the travel industry send cyber criminals packing?

(4 min read)

We’re all aware that any company – big or small – in any industry – large or niche – is vulnerable to cyber crime.

Travel companies are a particularly high-value target. Why? Of course, they are targets for financial theft, just like most of us are. But the real value of these companies lies in the data they hold.

By targeting a travel company, criminals can get their hands on names, addresses, dates of birth, credit card details and passport details – which together make a very valuable package indeed.

Travel company hacks

In 2017, Expedia suffered a data breach that exposed the personal information of around 800,000 customers. Hackers were able to access all the highly personal information we listed above. Once in their hands, these criminals can use the details for targeted attacks and identity theft, and they can also sell it on to other operators – so more than one income stream from a successful hack.

Travel identity theft passports 700x300

And Expedia haven’t been the only company to suffer. Trailfinders was attacked in 2016, Thomas Cook in 2018 and The Travel Network Group in 2019. These attacks cause significant problems for the companies involved, including costs to repair the damage, potential fines for losing private data and significant reputational damage.  And let’s not forget the individuals whose data was stolen. 

Ransomware: a better business model?

Cyber criminals don’t even need to go through the bother of extracting the data in order to sell it on the dark web. Ransomware attacks are easier to monetise and are the weapon of choice for many professional cyber criminals.

travel ransomware encryption 700x300

For example, in 2020, the US-based travel company CWT Global suffered a ransomware attack that disrupted its operations, forcing the company to pay a ransom to the hackers. The criminals gained access to the company’s systems and encrypted its data, making it completely inaccessible. They demanded a ransom payment in exchange for restoring the data – which, by the way, hackers don’t always do, even if you’ve paid up. CWT Global ended up paying $4.5 million to get its data back.

Isn’t this all about the big travel companies?

Of course, the big players are juicy targets for criminals – they hold hundreds of thousands of customer records and a vast amount of valuable data. But they are well protected and expecting an attack.

Travel big vs small fish 700x300

So it’s unsurprising that criminals will actually target smaller companies – those that still carry valuable data but may not have all the measures in place to manage the risks they face.

Help is at hand, though – a basic, professional layer of cybersecurity does not have to be complicated or expensive.

If you run a travel company, your customers – both individual and corporate – will expect you to be taking all the measures you can to protect their data. So take proactive steps to protect your business and your clients from cyber threats.  Invest in robust security technologies and implement security awareness training for your staff. By taking these steps you can reduce the risk of cyber attacks and protect your clients’ personal and financial information.

What about you?

Of course the individuals whose data’s been stolen are now also at risk.  If you use a travel company, are you happy about how they manage your data?  It’s worth asking the question, isn’t it?

Travel girl on suitcase 700x300

For example, we’re working with BFP Travel to help them build a solid first line of defence by training the team to think differently about their role in keeping the business safe.

Marc Julicher, Technical Director at BFP says: “We want to make sure that we put clear mitigations in place to deal with the increased risks of cyber attack.  We know that attacks often succeed because of human error, so in addition to focusing on our IT systems and practices, we’ve chosen to work with Psybersafe to educate our team and improve their day-to-day cyber behaviours on an ongoing basis.”

 Interested?  You can find out more about our quick, fun, measurable online training here, or book a demo today.

 Sign up  to get our monthly newsletter, packed with hints and tips on how to stay cyber safe. 

Mark 200x200Mark Brown is a behavioural science expert with significant experience in inspiring organisational and culture change that lasts.  If you’d like to chat about using Psybersafe in your business to help to stay cyber secure, contact Mark today.