The past 12 months have seen many notable cyberattacks and privacy breaches that impacted major organizations around the world. However, an expert from Cyberscout says that the list of key cyber events from 2020 would be incomplete without one key sector, as well as the many small to mid-sized breaches that occurred last year.
Find out more: Learn everything you need to know about Cyberscout here.
The hospitality sector in particular saw two of its biggest players hit with breaches, at the same time as it became a major victim of the coronavirus pandemic, noted Eduard Goodman (pictured), global privacy officer at Cyberscout. One of the cyber incidents took place in February 2020, when the data of over 10.6 million individuals who were guests at MGM Resorts hotels was left exposed on the dark web, potentially for hackers to abuse. Leaked data included guests’ names, addresses, phone numbers, emails, and birthdates. The exposed files, which were posted on a hacking forum, not only gave away the details of regular tourists, but also the information of visiting celebrities, CEOs, reporters, tech company employees, and even government officials.
Notable people whose data was found among the exposed files included Twitter CEO Jack Dorsey and singer-songwriter Justin Bieber, and, in total, the personal details of 10,683,188 former hotel guests were leaked.
Another significant hospitality-focused breach occurred when 5.2 million Marriott International guest records were stolen in January 2020. According to reports, hackers accessed an internal data system that contained the personal information of millions of people, including their names, contact details, and addresses.
“Both of these events impacted two major industry players amid what was probably one of the worst economic downturns for hospitality,” said Goodman. “Especially when folks start getting back to travelling, and business travel in particular, I think those events were both significant reminders of the fact that the hotel industry is hurting, and that they’re also having security issues.”
In addition to the many headline-grabbing breaches from 2020, there were many smaller cyberattacks that, taken together, were notable in their numbers. “What’s probably most significant in 2020 is the sheer increase in volume of cyberattacks on small to mid-sized businesses. I don’t want that to be lost on folks when we talk about all of the big attacks, because the reality is that SMEs are basically getting hit on the regular right now,” explained Goodman, adding that these businesses are facing further pressure from the move to remote work and having less access to strong security networks in their new work environments.
He continued, “In most years, you’ll see one to three mega breaches that take all the headlines, but in 2020, we’ve seen more ‘less than mega’ breaches.”
Another key trend made evident in the past year is that cyberattacks are becoming more global in nature, in that they can impact companies of all sizes, anywhere in the world. There’s also been more state-sponsored attacks, which add complexity to an already challenging cyber risk landscape.
Overall, said Goodman, “What we can really call out is that 2020 wasn’t a normal year … The global distribution of cyberattacks and the way they’re changing is really important to recognize.”