Services 2018-04-11T08:57:58+00:00

Cybersecurity for the service industry

The threat of cyber-crime is a growing issue for many organizations and businesses. This includes the service and hospitality industry, as new advances in computing systems have emerged, such as cloud computing, social media, and big data.

Security management in the hospitality industry

Ensuring your guests’ security is a standard practice in accommodation services, but the focus has traditionally been around physical property. Guests rely on hotels to keep themselves and their possessions safe during their stays. When they leave valuable items in their rooms, they just put the lock on their doors or use the room safe.

Change of focus

Guests may mistakenly assume the same level of protection that hotels provide for physical property extends to the digital assets that reside on their laptops and smartphones when they use hotel Wi-Fi connections. Hotels need to be certain they are delivering a consistent level of security to guests and their possessions, whether they are physical or digital.

At risk on several levels

Accommodation services need to think about multiple endpoints and the remote connections they rely on to run operations. Electronic door locks, HVAC controls, alarms and a full range of Internet of Things (IoT) devices can fall under the control of cybercriminals aiming to disrupt normal operations.

The risk of hotels falling victim to cyber-crime is even higher, as most of the people in accommodation services who deal with computer systems (e.g., front office managers and accountants) are not IT experts and have only some familiarity with computer systems.

Threats

Hackers have checked in for a long stay in the hospitality industry. Accommodation and food services are falling victim to cyberattacks, with hotels and restaurants as some of the main targets. Most of the breaches are financially driven, planned by external actors with the goal of attacking targets of opportunity and compromising payment card data. Use of stolen credentials is yet another type of breach that the services industry has faced, involving both external factors and misuse of privilege.

Malware

Detecting malicious activity in the early stages of an attack is essential to minimizing damages to your infrastructure and containing and eradicating the threat.

LogPoint gives insight into indicators of compromise through monitoring the health of your systems via integrity and vulnerability scanners, firewalls and tracking access to assets.

To rapidly detect infected systems with LogPoint, you can:

  1. Detect vulnerable sources to identify potential access points for an attack on your infrastructure
  2. Baseline your enterprise to identify anomalous activity happening on your network
  3. Rapidly inspect your networks and identify machines that are infected
  4. Actively monitor research and publications on a given strain and receive updates and queries as more research is carried out
  5. Identify any spike in file creation, renaming or deletions by a specific user or process
  6. Create alerts for unusual data activity on storage systems within a certain period of time

Privilege misuse

Detecting lateral movement in the network, and suspicious or abnormal behavior prior to exfiltration, is possible and usually a cost-effective investment compared to the perceived value.

LogPoint uses UEBA and exhaustive compliance regimens, for instance BASEL-II and SOX, to monitor and detect fraud, both in enterprise applications such as SAP and Oracle and across infrastructure applications such as AD and cloud-based services such as Azure, AWS and Salesforce.

To identify, detect and remediate insider threats with LogPoint, you can:

  1. Monitor administrative, or privileged, accounts and alert and report on attempts to access these.
  2. Validate that new accounts are not activated until they are approved by a senior executive.
  3. Uncover malicious intent by alerting on abnormal authentication attempts, off-hours authentication attempts, etc., using data from Windows, Unix and any other authentication application.
  4. Track (privileged) access to mailboxes and identify potential misuse of access, such as reading mails belonging to other people, for instance management.
  5. Detect sudden changes in the behavior of a user, operator or server by combining anomaly detection with advanced correlation, for full contextual insight on misuse.
  6. Uncover changes in configurations and audit configuration changes, policy changes, policy violations, etc.
  7. Identify data exfiltration attempts, information leakage through emails, etc., using data from mail servers, file sharing applications, etc.
  8. Identify critical changes as well as innocuous-seeming and procedurally acceptable changes with the LogPoint UEBA platform.