Airlines in the target of cybercriminals
Recently, easyJET, has been news, much to its regret, by the attack of the hackers and consequent theft of the data of its nine million customers, a severe blow to what is already the current situation in which airlines from all over the world are located as a result of the great fall of the tourism sector by the current pandemic of Covid-19.
The protection of customer critical data is not a minor matter and businesses such as the airlines that manage, through e-commerce systems, a large part of the sale of their seats, has the obligation to give, both ethically and regulatorily, the increased confidence and security in each of their transactions.
Like any organization that manages sensitive information, they must be proactive and active in implementing secure solutions that minimize the risks of attacks by hackers.
Sensitive data such as access to credit cards numbers, digital banking credentials and emails, access to passports and other identification documents and other data of interest such as travel details (as has happened to the British company Easy Jet) seriously jeopardize the security of users in addition to the consequent losses or damages that can cause them to impersonate (from making purchases on their behalf to leaving bank accounts in red numbers), attacks directed at them such as Phishing (cybercriminals posing as the airline in question) and fraudulent use of their data by these hackers.
At the same time, reputation and confidence towards these airlines plummets. In addition to causing them notable losses in monetary terms.
As early as 2018 British Airways was a victim of the same sophisticated cyberattack that Easy Jet has suffered, just as happened to Honk Kong’s flag carrier, CathayPacific.
The airline, a subsidiary of the IAG group, was fined by the British transparency and data protection agency to pay 205 million Euros for the theft of its customers’ data.
What should airlines do to protect their sensitive data?
As we have been saying, because of the nature of their business, airlines have access to and manage a huge amount of sensitive customer information and it is crucial that customers are sure that their personal data will not be compromised at any time.
Therefore, if we want maximum security compliance, we must opt for the management and security of the keys of this data through a Hardware Security Module, better known by its acronym HSM. A hardware-based cryptographic device that generates, stores, and protects cryptographic keys in encryption and signature processes.
And to be sure that the cryptographic keys of this device have the best security, it is important that this hardware has the prestigious security certifications internationally.
As I pointed out at the beginning, much of the airline ticket sales are done through their own e-commerce system and, therefore, if an HSM is implemented, the encryption and decryption of each operation carried out by customers through the method of payment gateway is identified and protected from possible theft or tampering attacks.
Every day, the techniques of hackers and cyberattacks are more complex and that is why organizations must take advantage of them in the choice and implementation of the most advanced cybersecurity solutions.
Cybercrime never rests and its criminal activity is growing and becomes more sophisticated and enormous when a sector is more vulnerable, such as the air sector at this moment, one of the most affected by this pandemic.
Cybercriminals check airlines’ cybersecurity if they don’t protect their data through cryptographic hardware (HSM).
The trust that any organization must give its customers for any type of transaction is crucial and for airlines at this moment it is more important than ever since the revival of their sales is vital to their survival.