Warning use of AI in hospitality could lead to ‘more sophisticated’ cyberattacks

Restaurants and hotels should “carefully consider” the risks of using generative artificial intelligence (AI) technology in their businesses before committing to it, a report has warned.

The study by global cybersecurity business Trustwave warned of the dangers of the industry’s growing reliance on customer analytics platforms that are powered by generative AI.

It stated the presence of Large Language Models (LLMs), such as ChatGPT, could also lead to “more sophisticated” cybersecurity attacks as these systems are able to create “highly personalised and targeted messages”.

Nearly a third (31%) of hospitality organisations have reported a data breach in their company’s history, with 89% of them stating they have experienced multiple incidents in a year, according to a report by Cornell University and FreedomPay.

Trustwave's study raised concerns around the increased speed and quality at which attackers can forge phishing emails, which it warned are “the most commonly exploited” method for “gaining a foothold in an organisation”.

It advised hospitality businesses to find security tools or partners that can detect AI generated threats and train staff around data sharing to minimise the risk of large-scale breaches.

It comes after Andrew Rubinacci, executive vice president of commercial and revenue strategy at Aimbridge Hospitality, warned hospitality will be “left behind” if the industry does not start embracing AI and invest in technology.

Trustwave said “the nature and scale of the hospitality industry” has created an environment that is “inherently conducive and appealing” to hackers.

The quality and quantity of data available; the prevalence of third-party software; and the reliance on a large and seasonal workforce with high turnover all contribute to the industry’s vulnerability to attacks.

It added that the industry’s frequent use of high-network user systems, such as public Wi-Fi, as well as accessible hardware by hotel or restaurant guests, could also heighten the risks of cyberattacks.

Hoteliers were urged to take extra care when verifying bookings from Booking.com following a rise in fake reservations being made through the website in June this year, while in September 2022, IHG, which owns 18 hotel brands, including Holiday Inn, Hotel Indigo and Crowne Plaza, reported "unauthorised activity" in its technology systems which resulted in severe disruptions to its booking channels.

The report said the hospitality industry should implement prevention measures, such as simulating phishing assessments, routinely changing passwords and regularly evaluating access controls.

Trustwave’s study was titled2023 Hospitality Sector Threat Landscape: Trustwave Threat Intelligence Briefing and Mitigation Strategies.

*Image: zhu difeng / shutterstock *