The travel sector is “enormously exposed” to cyber fraud and there is no easy solution to reduce the risks, warn experts.
Andrew Hill, partner at law firm Hill Dickinson, said: “The industry is driven by information technology. There is a lot of money in travel, and a lot of data that can be monetised. The sector is enormously exposed.”
He told the Hill Dickinson travel law seminar: “This is a new development and we’re at the cutting edge of it. Right now, ransomware is becoming the main weapon of choice for criminals. You get a message saying ‘Your systems are going into lock down. Pay this ransom and we’ll give you the key’.
“Criminals know the level to pitch the demand at. People think ‘It’s going to cost me more in loss of business than to settle’, so they pay.”
Government figures suggest 85% of businesses suffered internet fraud in a single year. Hill said: “Having a breach and not knowing is classic. We’ve been involved with clients who have had malware sitting on their systems for years and didn’t know. It’s only when customers tip them off there might be a problem – say, credit card details have been stolen – that a pattern starts to emerge.”
Hill said: “Unfortunately, there is no solution to this. There has to be robust IT security. That is the first line of defence. Then you have employee education. The people in your organisation are generally the weak links. They can fall foul of all sorts of frauds. Your last port of call ought to be insurance.”
He told the seminar: “An IT boffin can crack a four-digit password on an iPhone in 18 seconds – an eight-digit password takes about three days. [But] it’s frustrating having to remember different passwords for everything. We have to try to align security with convenience.”