Summer is the time for travel, fun, and relaxation—and, if you’re a threat actor, cyberattacks.
Hotels are under real threat. New research from security firm VikingCloud shows that attackers are targeting lodging. North American hotel IT and security executives surveyed reported that attacks surge in the summer. Jon Marler, VikingCloud cybersecurity evangelist, told IT Brew that while there’s awareness of the problem, solutions are hard to come by.
“Hospitality is prioritizing cybersecurity, they’re spending more,” Marler said. “One of the things that surprised me was how much they are spending—but they’re not getting good results.”
Outcomes. The results the industry has seen thus far are not encouraging—82% of North American hotels were attacked in 2024, with 58% seeing upwards of five attempted attacks during the summer holidays. Marler said that the survey used a broad definition of attack, including receiving phishing emails and malware, even if it was discovered immediately, in order to capture the breadth of the threat surface more than the specific danger in each case.
With an estimated 212 million Americans expected to use digital hotel check-in technology this summer, the danger is real. Hotels rely on phone conversations and customer service more than most industries, creating a larger threat surface for attackers to work on. Hotel concierge services are increasingly going digital, with AI playing a role in how the sector manages guest needs. Benjamin Vaughn, Hyatt CISO, told IT Brew in March that the company is investing in threat protection and training staff to offset the danger.
“Threat actors often do not know the difference between a housekeeper and a general manager. All they see is an email address,” Vaughn said. “So, we think it is imperative that everybody at the company get the same training, no exceptions.”
Top insights for IT pros
From cybersecurity and big data to cloud computing, IT Brew covers the latest trends shaping business tech in our 4x weekly newsletter, virtual events with industry experts, and digital guides.
Living’s easy. Roughly two-thirds of executives, 66%, said that the attacks are more frequent in the summer months. A further 50% reported that the attacks are more severe in nature than at other times of the year. That makes sense—attackers are only getting more sophisticated, and will use whatever advantage they can get.
“The real reason that the attackers do these attacks in the first place is to get after money,” Marler said. “If you have more data in your system, that’s fresh, and you have more money in your coffers because you’ve been doing more business, you’re more attractive to come after from a criminal perspective.”
Those attacks can cost over $3 million in lost business, as well as in fees and fines; the convenience of modern hospitalist technology, VikingCloud argues, makes the danger real with 42% of those surveyed reporting that third-party systems, like booking engines, are a vulnerability.
For IT professionals in the space, Marler said, the key is to ensure that staff are trained and aware of the danger. Seasonal employment and industry churn means there’s a higher chance for breaches; ultimately it’s about making sure resources are deployed effectively.
“If you’re spending a lot of money on cybersecurity technologies, you really evaluate whether you’re spending those in the right areas.”