In the past several years, countless data breaches have highlighted the importance of enhanced identity and access management on a large scale, particularly for financial services, public sector and health care organizations. However, one of the most consistent lessons learned from these breaches is that sectors that have not yet advanced their security controls, especially over data and networks, will be the next to fall.
Hackers are highly opportunistic, almost always looking to grab the low-hanging fruit rather than trying to overcome vast obstacles and breach the systems of a well-protected organization. This is evidenced by the wealth of research indicating that the most common causes of data breaches continue to be errors, a lack of relatively simple controls and apathy.
Virtually any organization that handles sensitive data, notably personally identifiable information, must take proactive and comprehensive steps to protect clients, as well as itself, from exposure and breach. In the coming years, more public sector entities will likely remain vigilant in pursuing legislation that expands the scope of regulatory compliance, and falling behind can put a company in a precarious position.
A look at hospitality
Forbes recently reported that some security experts have grown increasingly concerned regarding the security practices of hotels, restaurants and other organizations in the hospitality industry, as these firms tend to collect and store a wealth of sensitive information. Thinking back to a year ago, the retail sector was not exactly the most spoken-about industry among IT security experts and analysts.
Despite major breaches such as the one that took place at the Massachusetts-based TJX Corporation back in 2007, exposing the information of tens of millions of individuals, the industry was not constantly in the news for its shortfalls in this arena. According to the source, the victimization of Target, Michaels, Sally Beauty and a few others that all took place within a few months of one another has put the spotlight directly on retailers in general.
However, forward thinking is increasingly important to proactively avoid breaches, and other industries that have not commonly thought about security need to do so before they become the new favorite target of hackers. The news provider cited the comments of a former security consultant who pointed to hotels' specific risks and perceived lack of attention to protection.
"The hospitality industry as a whole, and restaurants in particular, are rife with theft and misappropriation of consumer's card data," Durko explained, according to Forbes. "Our findings show that there is little to no training of employees on data privacy – insufficient or no policies in place for the protection of data, limited visibility of the point of sales systems beyond that provided by the POS manufacturer, and more often than not the POS systems are not configured in a PCI compliant manner."
Same rules apply
As is the case with any company that handles financial data, the best control and protection practices must be followed consistently to avoid sanctions, fines and breaches. This story also alludes to another issue that faces many organizations, in that the Payment Card Industry Data Security Standards, as well as other regulations, are not always relevant enough to truly ensure defense against hackers and breach.
By using more advanced security controls, such as multi-factor authentication solutions that help drive end user engagement and strengthen the overall handle a firm has on its access monitoring capabilities, businesses will be able to transcend simple compliance and attain even greater resilience against breach. These tools have already become popular among financial services providers, and would likely be useful for organizations in the hospitality industry as well.