If a criminal can breach a system in the restaurant, they also have access to the front desk, the spa and any other connected system. The risk is even greater when hotels are part of a hotel chain with interconnected systems.
Franchise businesses are particularly at risk primarily because franchises tend to have the same POS system duplicated at all locations. If a cybercriminal can figure out a way to breach one, in all likelihood, they can replicate the attack at other locations.
In 2011, Trustwave SpiderLabs conducted 42 percent more data breach investigations than in the previous year. More than 85 percent of these data breaches occurred in the food and beverage, retail and hospitality industries.
Why the focus on these industries? There are several reasons, but the number one is that they all process credit cards. In our investigations, we found that the vast majority of assets targeted by criminals were point-of-sale software systems (75 percent of cases). Think of the scenario of a hotel that maintains a restaurant, a spa, as well as other services all connected to one POS system.Â Weâ€™ve investigated cases where the criminal breaches the environment at one location and was in turn able to connect todozens of others through the wide area network used by the hotel chain.