The digitisation of everyday life has increased the “attack surface area” for cyber criminals and state backed hackers, and people are particularly vulnerable when they are travelling.
The International Travel Crisis Management Summit in London last week heard from Jens Monrad, senior intelligence analyst at cyber security specialist FireEye.
Monrad said while many emerging and aspiring nations are investing heavily in cyber offensive capabilities not many are focussing on defensive systems.
He warned not all hackers are after money – many, particularly those that are state-backed, are seeking confidential information from companies and public bodies to use to their advantage.
“When we look at travel, this is where we are vulnerable. At home I have a secure environment, I can lock my doors,” he said.
“When we are travelling we are very vulnerable. We have to be in specific places at specific times. This is something that we are seeing cyber criminals and hostile states are taking advantage of.”
The hospitality sector is particularly vulnerable to attack because front desk operatives are easily duped into opening emails which they think are bookings or other customer enquiries.
Hotel guests are also vulnerable when they use open Wi-Fi networks because it is simple and cheap for cyber criminals to set up a parallel network and fool people into logging on.
Monrad offered three key tips to keeping secure when travelling: “First, be aware of your surroundings.
“You hear conversations in public places all the time that include information criminals can use to get access to your business and your customers.
“Second, do not trust open networks. If you need to connect to the internet when you are travelling us a virtual private network, some sort of secure method, to make sure communications on your device are encrypted. Open networks are open to everybody.
“Third, minimise your attack surface area. Why do we bring our lap tops with us when travelling? They are a very high attack surface area.
“Give your executives a tablet. Do they need the entire laptop with spreadsheets and sensitive documents on them to do a presentation or a company meeting?”
Monrad said the typical cyberattack follows a familiar pattern. There will be an initial reconnaissance during which the attacker figures out its target’s vulnerabilities.
Then a system compromise will happen, usually from an email that purports to be of high importance and uses intelligence on the victim to appear genuine but which contains malware.