Strengthening cybersecurity: lessons from the hospitality sector

20 February 2024

Every single day our lives become more and more intertwined with online platforms, and the spectre of data breaches looms large. In 2023 alone we witnessed an alarming exposure of over eight million records worldwide, underscoring the escalating threat to our digital security.  

From social media giants to e-commerce websites, no sector is immune, and even the seemingly impenetrable fortresses of airlines and hotels falling prey to cyberattacks. At what cost? A staggering 4.45 million U.S. dollars per breach, not to mention the immeasurable damage to consumer trust. There are better ways to make virtual and physical spaces safer against cybercrime.  

Last year’s event at the MGM Grand in Las Vegas serves as a stark reminder that even the largest organisations with formidable security systems are not immune to cyber threats. The high-profile cyber-attack disrupted the company’s operations, causing widespread chaos when ATMs, slot machines, elevators, website, and online booking systems were compromised. The breach led to customer personal information like social security numbers and passport details being accessed by the hackers, resulting in dire financial implications, with an estimated cost of $100 million.  

From small and unthreatening, to sinister. 

The cyber-attack at the MGM Grand began as a result of something that would be overlooked by many and deemed as no threat at the time — a simple 10-minute phone call to the IT department of the MGM Grand. The hackers had obtained an employee’s information from LinkedIn, and proceeded to impersonate them in a phone call to the IT helpdesk, ultimately obtaining the credentials that allowed them to access and attack the system. This news was clear evidence that cyber-attacks can happen to anyone, at any time, and highlights the need for a new approach to security, with the implementation of a robust Identity and Access Management (IAM) framework. IAM is where security starts and there are leading solutions to help maintain the fine balance of security resilience and seamless customer experience, such as the Microsoft Entra product family.  

According to the Cybersecurity and Infrastructure Security Agency (CISA), an alarming 90% of ransomware attacks occur through phishing attempts. In a time where we conduct a vast amount of both business and personal interactions online, the challenge of distinguishing legitimate from fraudulent communications becomes increasingly more challenging.  

The above figure shows the percentage of UK organisations that have carried out the stated activities to identify cyber security risks between 2021 and 2022. (Gov.UK 2022). The highlighted statistic demonstrates that staff training and testing to prepare for phishing attacks is concerningly low considering how pervasive an issue phishing is. These phishing attacks usually attempt to impersonate trusted individuals, rendering even advanced security measures, like multi-factor authentication, ineffective at times against all attacks, leading to the need for a new approach. 

The bigger picture 

In the grand scheme of things, a solution lies in embracing a new approach to identity verification; one that instils genuine confidence in the identities of those we interact with. The part digital identity plays here becomes vital. Putting trust and identity at the core of your security approach ensures that every interaction with your brand, whether originating from within or outside your organisation, is authenticated and can prove they are who they say they are. Prioritising this fortifies a crucial yet often overlooked aspect of your company’s security posture.  

The groundbreaking technologies surrounding digital identity function on a fundamentally different principle compared to conventional methods. As an example, at Condatis we leverage the power of Microsoft Entra to establish a secure and encrypted connection where both parties can mutually authenticate each other’s identities with verifiable credentials before any sensitive information is exchanged.  

Organisations can use the various products offered under the Microsoft Entra umbrella to confirm the identity of who they’re corresponding with and uncover the fraudulent intentions before it is too late. Solutions such as Verified ID can enable organisations to verify an individual’s credentials quickly and securely, and confidently grant the necessary access. Furthermore, Entra ID Governance can be implemented to prevent scenarios like these from occurring by providing precise access control to critical resources while safeguarding assets. Paired with other offerings within the Entra product family, security is substantially elevated, and 99.9% of cyber threats, including phishing, are preventable. 

In an age where the cost of cyberattacks can be devastating, embracing robust identity and access management systems is not just a choice but a necessity. The importance of these solutions cannot be overstated; they offer the assurance needed to trust the identities of those we interact with online, making them a critical component in the defence against cyber threats. Fortify your defences and protect the trust of your customers, ensuring that major incidents like those at the MGM Grand become increasingly rare. 


If you would like to know more about how robust digital identity solutions can strengthen your cybersecurity systems, please get in touch; we’d love to help you.

Get more Content like this straight to your inbox!

Subscribe to stay up to date. You can unsubscribe at any time!

We deliver a dedicated team of identity specialists to assist you throughout your identity journey.

We collaborate with you to ensure a comprehensive understanding of your organisation's requirements. Our specialised team possesses extensive expertise across various identity platforms, enabling us to help you maximise the benefits of Microsoft Entra Verified ID for your organisation.