In recent years, plenty of us have traipsed up to a hotel room only to find the key card doesn’t work. Greater examples of human suffering exist, but it’s annoying all the same.
However, it’s nothing as disruptive as the cyber attack which targeted MGM Resorts in Las Vegas two weeks ago. Thousands of hotel guests were locked out of their rooms as their key cards went offline. Worse still – and with most of their belongings on the other side of a locked door – they couldn’t use ATMs (also down), or order room service, or even buy food at restaurants without paying by cash (and how much of that do we all carry around these days?).
“The travel industry has always presented a lucrative target for attackers,” says Charlie Barr, Team Leader at cybersecurity experts Pentest People. “When booking a holiday, the average person is expected to supply card details for payment, their billing address and passport details for identification. A treasure trove of valuable personal information for a cybercriminal to steal and sell, to conduct fraud and identity theft.”
Occasionally when staying in (usually family-owned) traditional hotels, I’m handed an olde worlde room key connected to a heavy weight, conjuring up an increasingly forgotten, simpler world where you’d talk through your holiday ideas with an experienced travel agent rather than have to sift through thousands of possibilities on the internet; park your car with a coin rather than need to download an app and input endless details; carry a paper air ticket rather than worry your battery will die the moment you present your smartphone boarding pass; and be armed with a book of travellers’ cheques rather than fear your credit cards will be cloned.
Of course, so many areas of travel have been enhanced hugely by technology – think of computerised booking and seat selection, Sat Navs, facial recognition software instead of manual passport immigration checks, translation apps, Apple AirTags tracking your luggage, flight trackers and airport security scanners. That these scanners have become so advanced that soon we’ll be able to ditch the universally hated 100ml liquids rule is in itself wonderful.
These tech advancements certainly make travel quicker and simpler – when they work – but a complete nightmare when they don’t.
And that’s increasingly the problem. Hacking of travel-related computer systems is becoming more prevalent – indeed, a 2022 Threat Intelligence Report by Check Point Research found that the global average number of attacks against organisations in the tourism and leisure sector increased by 60 per cent from Jan-June 2022, compared to the first half of 2021.
And it’s all so complicated now. In the olden days, a hotel room would simply have a heater for cold days and a fan for warm ones – now there’s an aircon/heating panel requiring a PhD in hieroglyphics to decipher.
I recently stayed at an Airbnb where the owner had actually removed all the light switches, and the lighting could only be operated by an app on your smartphone. Of course, my mobile’s operating system was incompatible, so I was reduced to buying a large number of candles. Certainly romantic, but pretty bloody inconvenient.
Thankfully, hotels aren’t as crazy as that yet, but increasingly you are confronted by an iPad or panels with indecipherable lighting controls.
Of course, most disruptive is when air traffic control goes wrong. Last month, the UK saw the biggest air traffic control meltdown in 20 years, resulting in more than 2,000 flights being cancelled. It is believed that just one incorrect flight plan caused it.
British Airways has been particularly plagued by IT failures. In May, at least 175 flights were cancelled because of computer glitches; the airline had to cancel flights just before Christmas last year; and also in 2017 for the same reason, the latter stranding 75,000 passengers over a holiday weekend.
“These incidents have highlighted the industry’s heavy reliance on complex IT systems that are vulnerable to failure,” says Jamie Akhtar, co-founder and CEO at CyberSmart. “While technology has increased efficiency and convenience, it has also centralised key infrastructure and control systems that can magnify disruptions when problems do occur. Recent failures highlight the need for better cybersecurity and perhaps less reliance on centralised networks.”
Travel-related cyber threats are becoming more frequent, sophisticated, disruptive and dangerous, according to Erfan Shadabi, cybersecurity expert at comforte AG. “The rapid digitisation of the industry, coupled with the increasing dependence on interconnected systems and the storage of vast amounts of sensitive customer data has made it a prime target for cybercriminals.
“Cyberattacks on travel-related organisations have been on the rise, targeting hotels, airlines, travel agencies, and even travellers themselves. Cybercriminals are continually evolving their tactics, techniques, and procedures to bypass traditional security measures. Advanced persistent threats, zero-day vulnerabilities, and social engineering attacks are becoming more prevalent.”
It’s vital, then, that travellers safeguard against tech-related threats – so much as they can.
“Back up important data and files and store copies in the cloud or on an external hard drive, in case your device is breached or stolen,” says Akhtar. “Enable auto-sync and cloud access for apps and services you use regularly. That way you can access info and content even without your main devices.
“Install VPN services on your devices to protect your data over public WiFi networks. Avoid doing sensitive work like online banking on public connections. Have a backup plan in case the worst does happen.”
And when you’ve done all that? Pop a bit of local currency in your wallet. Just in case.