Cybersecurity threats growing in travel and transportation, but travellers are ‘still blind to the risks they face on the road’

The travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetise highly valuable travel data, but despite the warnings travellers are “still blind to the risks they face on the road,” according to latest research on the subject from IBM Security.


Summary:

  • The travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetise highly valuable travel data;
  • A new survey found that despite 40% of travellers acknowledging it was likely they would be targeted by cybercrime while travelling, 70% are still engaging in high risk behaviours while on the road;
  • Around 45% of business travel respondents said they carry a device with valuable or sensitive information on it, yet admitted much more frequently to risky behaviours.

A new survey of US travellers conducted by Morning Consult on its behalf found that despite 40% of survey respondents acknowledging it was likely they would be targeted by cybercrime while travelling, 70% are still engaging in high risk behaviours while on the road such as connecting to public WiFi, charging a device using a public USB station, or enabling auto-connect functionality on their devices, all of which puts their information at risk.

And it is the business travellers that perhaps have the most to lose from a crime that were found to be more likely to engage in risky behaviours. Around 45% of business travel respondents said they carry a device with valuable or sensitive information on it, yet admitted much more frequently to risky behaviours.

Around two in five (42%) business travellers confirmed they connect to public WiFi every time or very often, compared to 34% of personal travellers doing this every time or very often. Slightly less (40%) charge a device using a public USB station every time or very often versus 28% of personal travellers. A similar number (39%) enable auto-connect on their devices every time or very often, almost a third more than the 30% of personal travellers.

The survey also highlights that travellers are acutely aware of the risks to their financial information with more than half of those surveyed saying that they are extremely or very concerned that their credit card (53%) or other sensitive digital information (52%) will get stolen when travelling. That number drops significantly when they are not travelling, with only 40% similarly concerned that financial information will be stolen at home and 41% that their digital information will be stolen at home.

Earlier this year IBM revealed how the transportation industry has become an increasing Cybercrime target with its X-Force Threat Intelligence Index 2019 ranking it as the second-most attacked sector in 2018 behind the financial service sector – moving up from 10th in 2017.

Organisations and personal users across all industries are facing unmanageable levels of cyberthreats brought on by the changing threat landscape, the risk of exposure, and an ever-growing attack surface. While, security has increasingly become an integral part of culture and overall structure, the report acknowledged changes to the threat with cybercriminals are moving away from malware-based attacks and instead abusing operating system tools to achieve their goals.

The rise of the transport industry on the hackers hit list shows that Cybercriminals aren’t just changing how they hack, but also who they target. The financial services industry remained the most attacked sector of 2018 accounting for 19% of all attacks observed by IBM X-Force IRIS, but the transportation industry saw a three-fold rise in attacks year-on-year to reach a 13% share. Since Jan-2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches, it says.

It is not just a matter of the sheer volume of attacks, but also in the calibre of victims. X-Force saw more public disclosures in 2018 than in previous years in the transportation industry. These disclosures likely encouraged hackers as they may reveal that these companies are vulnerable to cyberattacks and that they hold valuable data such as customer data, payment card information, PII, and loyalty reward accounts.

“Travelling has always been when people are more vulnerable. A few hundred years ago, the perpetrators were pirates or highwaymen. Now those criminals are still out there, but they’ve changed their methods to focus on digital attacks instead,” says Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security.

“People carry a goldmine of data when travelling including passports, payment information and detailed travel itineraries. When placed in the hands of a cybercriminal, all of this information can be patched together into a complete picture of the traveller’s life to inform identity theft, initiate spear phishing attacks, or be sold on the dark web,” he adds.

Travelling can clearly make people more vulnerable to security threats than they are at home. On the road, people tend to be distracted and overwhelmed, often opting for convenience over security. At home, they may have safeguards like controlling physical access to devices and setting up firewalls to prevent digital intrusions, but on the road, they might be more exposed.

The research findings suggest it is not a complicated education process but a simpler re-education and the addition of digital guardrails for a safer trip. It all highlights the importance for travellers and travel and transportation companies to understand the threats that are facing them and take precautions to help protect any sensitive data as it is clear that cybercriminals are increasingly drawn to the travel industry because of the wealth of data it holds and the economic value it drives.