Silent Saboteurs: Uncovering Insider Threats
Highlights
* Insider threats are a significant and costly risk to hoteliers.
* User negligence is the primary cause of insider incidents.
* The average cost of an incident is $16 million USD.
Introduction
For hoteliers, the biggest cybersecurity threat may not be an external hacker—it could be within your own workforce.
Insider threats—security breaches that originate from within an organisation—are a growing and costly risk for businesses globally.
In this week’s feature of the VENZA Echo, we’re uncovering the threats that lurk from within your hotel staff, examining the types, financial implications and best strategies for prevention.
Overview
An insider threat involves any authorized individual within your organisation who might intentionally or accidentally misuse their access. This risk isn’t limited to hotel staff; contractors, vendors, and third-party providers with privileged access to company systems can also become insider threats if their access is misused or compromised.
Types
Insider threats can be categorized based on intent:
* Malicious Insiders: Individuals who deliberately misuse access for personal gain, sabotage, or revenge. They are often disgruntled former employees but can also include malicious outsiders, like hackers or competitors, who are legitimately employed.
* Negligent Insiders: Through accidental actions or carelessness, these insiders create risks by ignoring security protocols, falling victim to phishing scams, or unintentionally mishandling data. This is the predominant type of insider threat, with 55% of cases attributed to negligence or oversight.
* Compromised Insiders: Employees or contractors whose credentials have been compromised by cybercriminals through tactics like social engineering or hacking. Remediating this type of insider threat is the costliest, seeing average expenses of over $700,000 USD per incident.
Impact
Insider threats pose serious financial, operational, and reputational challenges for hoteliers. The average cost to address insider risks globally is $16.2 million USD, with North American companies facing even steeper expenses at $19.09 million USD.
Operationally, these threats are costly due to the average 86-day containment period, which requires ongoing monitoring, containment, and remediation efforts.
The reputational impact can be equally damaging, as data breaches erode guest trust.
Prevention
There are three effective strategies proven to mitigate insider threats:
1. Privileged Access Management (PAM): Implementing PAM controls access to critical systems by limiting permissions to only what each user needs. By monitoring and managing privileged access, hoteliers can prevent misuse and reduce risk. PAM can also save an estimated $5.9 million USD in costs.
2. User Training and Awareness Programs: Regular training on security protocols and phishing awareness helps reduce accidental threats from negligence. Such programs have been shown to lower insider risk costs by about $5.4 million USD.
3. Security Information and Event Management (SIEM): By using SIEM technology to analyze security data in real time, hoteliers can quickly find and contain unusual user account activity. This technology has been proven to minimize the damage and cost of insider threats by an average of $4.3 million USD.
Conclusion
Insider threats pose a substantial risk to hoteliers, particularly as the industry handles a vast amount of sensitive guest data.
By understanding the types of insider threats, acknowledging their potential costs, and implementing a multi-layered security approach, hoteliers can better protect against these often-hidden dangers.
Feeling overwhelmed? Don’t worry. As the leading experts in hospitality data protection, VENZA offers tailored training and simulated social engineering attacks to assess and strengthen your defenses, providing 360-degree protection for your hotel.