GLOBAL REPORT – The possibilities forartificial intelligence (AI) are expanding exponentially in the hospitalityindustry. Around the world, hotels are already reaping the benefits of AI tostreamline operations and enhance guest experiences.
For example, hotels are implementing the useof AI-powered chatbots to act as virtual concierges, instantly responding toguest queries, offering 24/7 support for room service and other amenities, andeven using predictive analytics to provide personalized recommendations forthings like dietary preferences and room upgrades. AI-integrated Internet ofThings (IoT) systems, meanwhile, give staff seamless behind-the-scenes control,with hospitality companies using the technology to monitor energy consumptionand optimize lighting, heating, and cooling in their properties.
But energy monitoring and temperature controlare just scraping the surface of what AI can do for hoteliers. In Las Vegas,construction is underway on a new “smart hotel” that promises to be the world’sfirst truly AI-powered hotel, leaning on the technology for top-to-bottomoptimization with dynamic room allocation, a “gamified Q&A session” forcheck-in, and a do-it-all concierge AI system and personal assistant.
While AI can bringgreater convenience for guests and improved efficiency for hoteliers, it alsocreates new cybersecurity challenges and opportunities for cyberattacks.
Check-In kiosks create opportunities for data theft
AI can personalize guest experiences, streamline reservations and check-ins,and even optimize housekeeping schedules. But doing all this requires data. Alot of data. For hoteliers, this creates new concerns for data privacy—and newopportunities for data theft.
Unfortunately, despite the growing popularity of IoT in hospitality, the devices remain notoriously insecure, making them an attractive target for cyberattackers.
To automate check-in from start to finish,self-service kiosks must collect and process scores of guests’ personal andfinancial data (e.g., credit card numbers, names, addresses, and other personallyidentifiable information known as PII). In doing so, they become a virtualstockpile of sensitive information—and an attractive target for hackers hopingto steal PII and sell it on the dark web.
Hackers can compromise self-service check-inkiosks via malware, brute-force, or other attacks. When they do, they can notonly make off with guests’ data but potentially infect a hotel’s entirenetwork.
IoT devices introducemore (costly) vulnerabilities
Similar risks arise from IoT devices. Modern hotels aim to create completelyseamless, personalized guest experiences with smart locks, smart thermostats,and many other IoT devices. But these IoT devices have also become a target forthreat actors.
By hacking into just one insecure IoT device,bad actors can potentially gain unauthorized access to a hotel’s entirenetwork, setting the stage for more cyber incidents like ransomware attacks,data breaches, etc. In fact, a Forrester report shows that “34% of enterprisesthat fell victim to a breach via IoT devices faced higher cumulative breachcosts than cyberattacks on non-IoT devices, ranging between $5 million and $10million.”
Unfortunately, despite the growing popularityof IoT in hospitality, the devices remain notoriously insecure, making them anattractive target for cyberattackers.
Third-party serviceproviders add another layer of risk
Hacking on-site devices isn’t the only way bad actors can infiltrate hotels’networks. They can also take advantage of a hotel’s third-party connections togain unauthorized access and disrupt operations.
Bottom line: Working with AI service providers can greatly enhance hotel operations—but it also expands your supply chain and introduces new opportunities for cybersecurity risks.
For example, hoteliers often enlist the helpof a third-party vendor to manage an AI-powered chatbot or self-servicecheck-in kiosk. While this means the hotel offloads the work of building andmaintaining the technology, it also means relinquishing full control andvisibility of all the data these systems collect and process (i.e., hotel guests’PII).
Nonetheless, in the event of a cyber incidentand data breach, the impacted hotel is the one responsible for the loss ofcustomer data, as well as the legal and financial repercussions that come withit.
Bottom line: Working with AI service providerscan greatly enhance hotel operations—but it also expands your supply chain andintroduces new opportunities for cybersecurity risks.
Protecting your hotelfrom new AI cybersecurity risk
Undoubtedly, integrating AI-powered technology brings new cybersecurity risksfor hotels, such as more complex supply chains, greater IoT vulnerabilities,and new opportunities for data theft. But slowing AI adoption isn’t the rightcourse of action either—not when considering the many opportunities for ROI onAI in hospitality.
Instead, hotels can take a cyber-focusedapproach to AI integration by prioritizing best practices like:
Strategic data collection: Limit guest datacollection as much as possible. By only collecting and storing what’sabsolutely necessary, hotels can mitigate the damage of potential databreaches.
Data encryption: Guest data should always bekept secure—both when it’s being shared and when it’s being stored—by usingstrong encryption methods to protect it from unauthorized access.
Network segmentation: Divide the hotel’snetwork into isolated segments (e.g., Wi-Fi, IoT devices, etc.). This way, ifbad actors do successfully hack IoT devices or check-in kiosks, the breach canbe contained by limiting their ability to move across systems.
Third-party security assessments: Regularlyaudit third-party service providers’ cybersecurity postures to identify cyberrisks in your supply chain (and take steps to mitigate them) before hackers geta chance to exploit them.
For proactive protection from new AI-relatedcybersecurity risks, participating in specialized industry intelligence-sharinginitiatives is key to a comprehensive defense strategy. By joining forces withother hospitality organizations, individual hotels can dramatically increase theirown cyber intelligence to stay on top of evolving threats—and stay one stepahead of hackers.
Contributed by Pam Lindemoen, chief securityofficer and vice president, R&H ISAC, Vienna, Virginia
The views and opinions expressed in thiscontent do not necessarily reflect the opinions of Hotel Investment Today byNorthstar or Northstar Travel Group and its affiliated companies.
