UAE IAA Hospitality sub group holds a seminar on cyber security.
A cyber-attack happens every 39 seconds, 291 data records are stolen every second. Internal auditors in hospitality sector told to have basic cyber hygiene.
DUBAI – The hospitality industry is increasingly prone to cyber-attacks and breach of customers’ personal data. Generally there are two types of organizations. Ones that are aware that they have been hacked and the second have been hacked already but are not aware of it. In today’s world, there is nothing called absolute security against cyber security. Internal Audit have an important role to play by critically evaluating the cyber foot print of their organizations and provide assurance on the cyber resilience program, according to Hospitality sub-group performing under the UAE Internal Auditors Association.
The Sub-group organized a seminar by experts for the UAE IAA members from the private sector and non-profit and government sectors that specialize in the hospitality to benefit from knowledge sharing and networking.
The seminar focused on cyber resilience against cyber-attacks, the attendees were told that cyber-attacks are the new norm with the attacks getting more sophisticated & worse by impact. Based on statistics , a cyber-attack happens every 39 seconds, 291 data records are stolen every second and there is 133 percent increase in data records exposed in 2018, $148 is the average cost of each stolen data record and $3.86 million is the average cost of a cyber-attack.
UAE IAA Hospitality sub group Chairman Aldrin Sequeira, who is also Chief Internal Audit Officer – Jumeirah Group, said the seminar is about getting all hospitality professionals from the internal audit sector together to provide them with valuable information about the cyber threat in the hospitality industry and how they can provide assurance on cyber security and cyber resilience.
“It is all about protection and the DNA of every organization, should include looking for potential threats, whether it is phishing, hacking, or any kind of vulnerability to make sure they are adequately protected,” he said.
Internal auditors need to inform the Board, Audit and Risk Committees and Management on the potential risk and actually devise recommendations on how they can mitigate those cyber security related risks. In case of cyber exploitation, it could result in reputational damage and have significant financial consequences,” he said.
It is the responsibility of the Internal Auditor to provide assurance and ensure there are adequate controls to mitigate key risks. Cyber-attack is a risk and it is one of the many risks that internal auditors need to be aware of so that they can also help in protecting the organization.
Amit Tenglikar, Senior Manager, Technology Advisory Services, BDO Chartered Accountants and Advisors, in his presentation said that hotels are prone to cyber data breaches as they collect highly sensitive, valuable and varied personal data on their customers. Since hotels strive to give their guests personalized experience, they tend to collect and store this customer data. Hotels manage a large number of financial transactions, which often involve executives and wealthy individuals. They use loyalty programs to encourage repeat visits and additional stays. Loyalty related scams are much harder to detect as users don’t typically watch their loyalty point balances the way they watch their credit card statements.
He cited the case of personal data of 500 million International Hotel Chain guests exposed in a massive breach in 2018. “500 million customers’ details, including credit card and passport information were leaked and hackers had access from probably September 2014,” he said during his presentation.
In another case involving a different International Hotel Group, the rewards members details were leaked. Around 10 per cent of customer details, including names, addresses, email IDs, company names, phone numbers, member numbers and frequent flyer members, were compromised resulting in reputational loss.
He cited another case of a Dubai based firm which lost $53,000 in a single cyber-attack.
The key message on cyber security is to make sure that you have the essential cyber hygiene first before investing in the more advanced detection tools. Once you have the basic cyber hygiene, you could deter majority of the cyber threats. This will allow you to deal better with the more granular problems relating to cyber exposure.
Internal auditors have a key role on this where they can identify the gaps, highlight the right issues and also guide you through the recommendations on how to fix it.
Ramakrishna S Nivarthy, Director, Quality and Risk Management, BDO Chartered Accountants & Advisors, said that like risk professionals, Internal auditors raise the red flag that there is a problem and then they can work with the team to come with solutions to address those problems. Those are the key skill sets the internal auditor has and they can use that skill set to assist others who probably have a blind spot.
The hospitality sub-group under the UAE Internal Auditors Association, has a vision to be recognized regionally as the hospitality industry leadership group adding value to internal auditors and business advisory practitioners in the sector. The mission is to create and standardize best practices and promote common interests across the hospitality sector under the umbrella of the IAA UAE.
Vicky is the co-founder of TravelDailyNews Media Network where she is the Editor-in Chief. She is also responsible for the daily operation and the financial policy. She holds a Bachelor's degree in Tourism Business Administration from the Technical University of Athens and a Master in Business Administration (MBA) from the University of Wales.
She has many years of both academic and industrial experience within the travel industry. She has written/edited numerous articles in various tourism magazines.
