Project

Cyber Security Awareness in the tourism industry: Implementation of simplified indicators for assessing the risk of social engineering attacks in order to identify the right learning solutions.

Goal: On the 6th of December 2016, the four-star hotel Romantik Seehotel Jägerwirt, in Austria, was hit by ransomware (Wired, the 2nd of February 2017).
All data was encrypted, and a ransom of 2 Bitcoins (approximately 1500 euros at the time) was paid in exchange for the decryption key. Despite the ransom being paid, the hackers attacked the hotel again a few weeks later. Beyond the temporary disruption, the cyber attack damaged the Austrian hotel's e-reputation, causing a loss.

That kind of cyber attack is increasingly frequent. Moreover, in the tourism industry, reputation-related effects are stronger because when a customer enters a hotel, he enters a private universe that should never be violated.

Paradoxically, however, this kind of attack is not technologically very advanced. Generally, it comes down to a human weakness, caused by unaware employees. While security technologies for small businesses are increasingly available, little is done to actively improve cybersecurity awareness.

Additionally, in the tourism industry, entrepreneurs and their employees are generally overwhelmed by intense work concentrated in the peak period, so they do not have the time to ensure or implement cybersecurity compliance. Yet without security, or the perception of safety, the tourism market cannot flourish.

To evaluate the level of cybersecurity awareness in an organization, researchers and security agencies generally use surveys or audits. Nevertheless, we cannot impose high-level compliance requirements on small tourism businesses. To be honest, both surveys and audits are too expensive and time-consuming for a small tourism business in the middle of the peak season. We need to find more agile indicators, not only to gauge the cyber risk but also to force action.

That is why we need to find specific indicators that let small enterprises identify their cyber-related risks and improve the cyber hygiene of their work teams.

In this way, we will allow managers to find the appropriate and most efficient learning solution for their employees in order to develop the right cyber security awareness.

In other words, this research aims to highlight only those indicators that are capable of triggering an action (such as acquiring a skill through an adapted learning module) without affecting the business too much.


Project log

Enrico Panai
added a research item
If people are tired, their level of awareness decreases, and they take more risks. Likewise, if they are digitally tired, they take on enormous cyber risk. Cyber risks are no longer geographically located; they can proliferate in the unrestricted space of the infosphere. Therefore, if the goal is to protect people, organizations, and nations, we have to reduce the fatigue of complying with cyber security rules and guidelines. For private and national cyber security, a sensitive place is the tourism market. To help the hospitality industry, in particular small and independent hotels, to comply with cyber security guidelines, this work changed the paradigm and adapted a national cyber security framework to their peculiarities: the pace of work and the seasonality.
Enrico Panai
added a research item
Cyber security is becoming a mandatory asset for the tourism market. While chain hotels have already started to implement their cyber security strategies, independent hotels are struggling with the complexity of digital security. We do not yet have standard indicators to measure the economic impact of a cyber threat or the return on investment of infrastructure or training; nevertheless, evidence exists that for independent hotels the impact of a cyber-attack could be disastrous. While scholars debate about establishing shared indicators to identify the economic impact of a cyber security breach, companies and governmental agencies are acting with standard countermeasures. Nevertheless, independent hotels need a more specialized approach due to their peculiar nature and organization. Therefore, instead of using general frameworks, we suggest a cyber security paradigm specifically created for the tourism market. Our goals are to simplify the language, clarify the organizational hierarchy, and keep the attack surface as small as possible. In brief, inspired by an Italian Cyber Security Framework for small business enterprises, we propose a prototype of a customized cyber security framework for independent hotels that, we think, will have a direct effect on the protection of the hotels' data and on the safeguards for business and leisure travelers' privacy: two essential pillars for the growth of hotel competitiveness.