• by Ray Schultz , November 28, 2017

Hotel chains and tourism outfits don’t have to look far to find the source of most data breaches -- they only have to examine their own terminals, according to a study by digital security firm BitSight.

The biggest breach type in the hospitality field is at the point of sale (POS). Web apps are the second most likely conduit of attack, and are the top threat in retail. While email does not appear to be a major avenue of attack, it is part of the picture.

“Some (but not necessarily all) of the breaches involved in this research included the compromise or loss of email addresses,” says Stephen Boyer, CTO and co-founder for BitSight. 

A BitSight blog post on the study says the retail and hospitality industries are “commonly regarded as ripe targets for POS attacks due to the large amount of brick-and-mortar locations with exploitable payment terminals.”

The post adds that hospitality companies ‘would do well to take specific actions to address their risk of POS attack such as monitoring endpoint security and ensuring data is safe behind properly configured firewalls.”

Web apps account for over 25% of the incidents observed, the post continues. Also ranked in the top three breach types is the category "other." Although listed in the low single digits, the other retail threats include crimeware, error and lost/stolen asset.

Not all the news is bad. The BitSight blog post also reports that both industries “show a slight decline in security events during the holidays.”

To explain why these breaches occur, the article says “it is possible that controls and security practices are stepped up as the holidays approach, or that companies are simply too busy during this season to report breaches as they occur (this might also explain spikes early in the year).”