While post-pandemic business travel has widely resumed, travelers still face a myriad of challenges when it comes to the reliability of the travel partners upon which we rely. To further complicate life on the road, there has been a significant increase in cybersecurity risks associated with online reservation links used by many companies for booking, re-booking, and tracking of flight and lodging reservations.
These types of helpful customer service tools, which have been implemented with the best of intentions, are being mimicked by bad actors to trick travelers into clicking on bad links or opening infected attachments. The messages look legitimate to travelers in a time of need but lead to content that contains malicious software. According to the security company Proofpoint, bad actors have ramped up their attacks on unsuspecting travelers by including attachments in messages sent under the guise of being helpful. Once clicked, the link or attachments can disperse an array of malicious software that infects the device being used. The result may be data theft, taking over control of the device, or reconnaissance being performed on the device to learn user behaviors without their knowledge.
The goal of these types of attacks is believed to be financial gain for the groups that run them. Money could be stolen from individual users, or information gained could be leveraged for theft from companies in the travel and hospitality industries. According to researchers, these types of attacks have increased from just five known instances from 2018 to 2021 to over 25 so far in 2022. The increase in post-pandemic travel is providing ample hunting ground for these bad actors so it is important for individuals and companies to keep up their guard.
What can you and your company do? Ideally, your security program already has an array of controls in place to help protect against these types of threats. Standard device configurations, active anti-malware software, device monitoring, and alerting, along with end-user security awareness training are all helpful tools in the ongoing defense against bad actors and their evolving antics. With Cybersecurity Awareness Month coming up in October, now is a great time to make sure your organization has a plan for keeping all users aware of evolving threats as well as the controls in place to protect them.
Vistrada is a business, technology, and management services firm dedicated to helping clients plan, design, and implement initiatives supporting business transformation, integrated risk management, cybersecurity, and managed services. Vistrada provides seasoned expertise with a flexible team structure allowing agility and responsiveness to our client’s evolving needs. This ensures deploying the right team during a client’s journey to optimize their investment.
Vistrada’s vCISO offering takes a holistic view of cybersecurity allowing you to assess your risks and determine the appropriate mitigation strategies for your business. Vistrada helps identify and implement the right level of security support and service to ensure protection and compliance in a rapidly changing cyber environment. Vistrada also engages with clients for point-of-need cybersecurity services through our full suite of services.
Learn more at https://vistrada.com/cybersecurity
Contact us via email at vciso.support@vistrada.com