Recently, the CEO of Travelex broke the silence on the cybersecurity breach that tore into the company, resulting in a $6 million ransom from hackers. This is not the first time the travel industry has been hit with an attack. For example, last year the Marriott hotels breach leaked a large amount of sensitive customer data during their merger with Starwood (as Digital Journal reported).
This is unlikely to be the end of the matter, with security experts are anticipating and preparing for more cyber-threat to strike the travel sector.
To look at what can be done to improve cybersecurity, Digital Journal spoke with Eyal Hayardeny, co-founder and CEO of Reblaze.
Digital Journal: Why does the travel industry seem particularly vulnerable to cyber-attacks?
Eyal Hayardeny: Over the last few years, we saw that people rather book their trip, whether it’s plane tickets, hotel reservations or car rentals, online than through a travel agent. As a result, the travel industry has become a prime target for hackers as many websites hold sensitive data on its servers.
DJ: What have been some of the biggest cases in recent years?
Hayardeny: There have been many notable hacks in recent years in the travel industry, some of the most notable include Air Canada’s data breach in 2018 that exposed 20,000 passenger records, the British Airways hack that stole 500,000 records in 2018 and Travelex hack that occurred earlier this year, taking down its website across 30 countries and held data ransom for $6 million. All of these hacks had major impacts to the companies and exposed thousands of sensitive customer data.
DJ: Do these cyber issues have common themes?
Hayardeny:Most of the data breaches could be traced to the inadequate protection of websites, web/mobile applications and servers. Be it an undisclosed vulnerability or simply the absence of security checks, many websites today that handle sensitive data and have a high transaction volume are not protected as they should be leaving an open door to hackers.
DJ: What can businesses do to minimize cyber issues?
Hayardeny:There are a number of things companies can do to better protect themselves and their customers’ data including:
Make the move to the cloud – while many companies are wary of the cloud, it is the most secure solution today. Being on the cloud ensures that you will have up to date protection and be able to immediately respond if an incident occurs.
Find the right solution to protect your data: – deploy the right protection for your specific problem. If you need a solution for bot management, don’t rely on your Anti-Virus to protect you from malicious bots scraping your data – deploy a bot management solution for a better outcome and increased protection.
Be compliant – be it GDPR or CCPA, make sure your business is compliant and you follow all recommendations.
Be prepared for an immediate response – make sure that the security solution you choose offers around the clock support for immediate response. Some security providers offer a fully managed solution, allowing them to manage the security solution for you.
DJ: What measures can consumers take?
Hayardeny:Consumers need to be cautious when giving away their private information to anyone but there are a few things to keep in mind that can help keep their data safe. Our top tips are, book travel on legitimate websites only, use two step verification wherever you can, use various passwords across accounts and change your password frequently and be alert – if it looks too good to be true, it probably is.
DJ: What was the idea behind Reblaze?
Hayardeny:We created Reblaze to deliver the best web security technologies in a unified platform that is easy to implement and requires minimal maintenance. We wanted to help organizations securely move their business to the cloud which allows them to comply with current guidelines.
DJ: How does the technology work?
Hayardeny:Reblaze is a fully managed, all in one web security solution that provides businesses with all they need to secure their online assets and databases through Bot Management solutions, Next Gen Web Application Firewall, API Security, DDoS protection, and so much more. Reblaze offers a tailor-made solutions and 24/7/365 support that includes a fully managed service.
There are many ways to implement Reblaze’s solution, however, in general, Reblaze checks each request coming into the website, web application or API and verifies if the request is legit, (made by a real person) or if the request is malicious,(made by a bot or attacker). The test is seamless to the user and takes less than a millisecond to perform.
DJ: How did you test out the technology?
Hayardeny:While developing the solution, Reblaze’s engineers examined and analyzed numerous amount of website traffic, learning to distinguish between human traffic and bot traffic and today, Reblaze has more than 300 customers around the world that are using the technology on a daily basis.