By Jitendra Mohan Bhardwaj

While The travel and tourism industry was one of the worst-hit sectors in the Covid-19 years, it has begun to pick up at a faster-than-expected pace because of several factors. Even at the peak of the pandemic in 2020, though, the travel and tourism industry’s contribution to the GDP was $121.9 billion. The figure is expected to reach $512 billion by 2028.

With such growth, the sector is increasingly attracting the attention of cybercriminals. In the past 1-2 years, there have been an increasing number of cyberattacks on travel and tourism companies. In the last 12 months, we have also witnessed a rise in more sophisticated cyberattacks on IoT and crypto jacking attacks. With this, cybersecurity has become a top priority for the sector. Companies across the globe are setting aside budgets to keep themselves and their customers cybersafe.

Key security challenges
The travel and tourism sector largely depends upon online interactions for bookings, listings, and payments, etc., making it an easy target for hackers. It is evident that the prolonged pandemic has further pushed digital interactions, translating into exchange of large sums of money and sensitive data on the Internet.

One of the biggest data breaches in the sector took place in 2018 when a leading global chain of hotels was cyberattacked and sensitive details of about half a million guests were compromised. Other than the data loss, the hotel group had to bear heavy fines for failing to keep customers’ personal data secure.

Cybersecurity measures for travel and tourism companies
It is important that all travel and tourism companies comply with some basic security measures like restricting the use of unsecure websites, use of strong passwords, constantly updating anti-viruses, and control over the accessibility to backend data servers, etc. However, this is not enough anymore as the growth of cyberthreats has outpaced the ability of these companies to effectively deal with them. To be cybersafe, it will be imperative for the industry to deploy a prevention-based response system rather than an incident-driven response system. Therefore, there is an urgent need to invest in advanced solutions that can help deal with all cyberthreats and concerns.

Depending upon business needs, a company may opt for
Security risk assessments identify, estimate and prioritise information security risks and provide end-to-end holistic view of the company’s security posture, vulnerabilities and compliances
Zero trust network access secures workloads in a multifaceted access environment and provides a logical access boundary around an application or set of applications based on identity and context
Protection from unauthorised access, ransomware & phishing attacks
Measures with predictive threat intelligence, hunting and proactive risk mitigation
Threat monitoring in real-time across the desired landscape and providing an analysis of current security status.

These solutions are helping many companies in the industry keep safe and have brought their security management costs down. Their compliance and the maturity rating have also gone up significantly. Even with these measures and solutions in place though, it is always better to conduct regular security posture assessments and keep the systems protected with the latest technologies.

The writer is CIO, CISO & Head Cybersecurity BU, Coforge (formerly known as NIIT Technologies)