Does tech innovation improve your holiday - or endanger it?

We love how we can book a holiday, check in our flight and keep tabs on disruptions easily on our phones, but there’s increasing incidence of tech failures catastrophically impacting our travel

It’s great that these days the key to our hotel room is likely to be credit card-sized rather than a heavy metal key on a bulky keyring, that we can get real-time info on traffic delays, book a last-minute hotel room or quickly autofill those pesky forms.

So many areas of travel have been greatly enhanced by technology, such as translation and weather apps, flight trackers, facial recognition software replacing far slower manual passport immigration checks, our boarding card on our phone, and Apple AirTags tracking our luggage.

These tech advancements are all great when they work well, but a complete nightmare when they don’t. And there are increasing incidences where when the technology goes wrong, we can be severely impacted - and financially endangered.

For example, last September thousands of hotel guests were locked out of their rooms at MGM Resorts in Las Vegas when their key cards went offline. They also couldn’t use ATMs, or order room service or use restaurants unless using cash.

The same month the UK saw its biggest air traffic control meltdown in 20 years, resulting in more than 2000 flights being cancelled. It is thought that just one incorrect flight plan caused it. Delta, Southwest and British Airways are just some of the airlines that have recently been plagued by IT failures, and there have been a host of air traffic control glitches too, all causing scores of flight cancellations. Software updates don’t help: one in July by global cybersecurity firm Crowdstrike caused thousands of flight cancellations.

“The travel industry’s digital transformation journey throughout the last decade has now completely revolutionised the customer experience,” says Debrup Ghosh, senior manager at the Synopsys Software Integrity Group. “Now, essentially everything vacationers need to do during their trip, whether it’s hailing a rideshare app or checking into their room can be done on a mobile device. Technology is deeply intertwined in the entire experience, which means that a single exploitable vulnerability found in one of the travel industry’s major vendors can spark a software supply chain attack that can impact a significant amount of travellers around the world.

“It's now absolutely critical for organisations within the travel industry to continually assess their software supply chain’s security posture and invest in tools that can help prevent incidents that may deeply impact their reputation and bottom line. Additionally, it is also important to have operational backups available for critical systems where possible to ensure that, when a crisis does occur, there are procedures in place to keep the business running and customers happy while security teams work to mitigate the issue.”

Erfan Shadabi, cybersecurity expert at comforte AG believes that cyber threats in travel are definitely becoming more frequent, sophisticated, disruptive and dangerous.

“The rapid digitisation of the industry, coupled with the increasing dependence on interconnected systems and the storage of vast amounts of sensitive customer data, has made it a prime target for cybercriminals,” he says. “The sheer volume of cyberattacks on travel-related organisations has been on the rise, targeting hotels, airlines, travel agencies, and travellers themselves. Cybercriminals are continually evolving their tactics, techniques, and procedures to bypass traditional security measures. Advanced persistent threats, zero-day vulnerabilities, and social engineering attacks are becoming more prevalent, making it challenging for organisations to defend against these threats.”

Charlie Barr, Team Leader at Pentest People says: “There is substantial evidence to suggest cyberattacks against the travel industry are significantly on the rise. Research suggests attacks against the leisure and tourism sector increased by 60% just between June 2021 and June 2022. And over the past 12 months, numerous international airlines have confirmed that they've fallen victim to high-profile data breaches and cyber attacks, including TAP Air Portugal, Scandinavian Airlines, and American Airlines.

“This is most likely due to a combination of factors, mainly that, although tourists and airline companies provide profitable targets, the attacks used to exploit these targets can be simple and unsophisticated. For example, creating a fake webpage or distributing phishing emails is relatively simple from a technical perspective, but a phishing campaign of this nature could easily be used to extract information regarding bank card and passport details from tourists.”

Says Jamie Akhtar, co-founder and CEO at CyberSmart: “There’s no doubt that the travel industry represents a golden opportunity for cybercriminals. Due to the nature of the industry, most providers are processing huge quantities of personal data – hugely valuable to criminals. And, for those hackers who are looking to cause maximum disruption, there are few things noisier than ruining thousands of holidaymakers' and business people's travel plans.

“What’s more, it’s clear that cybercriminals are becoming ever more inventive in the way they attack travel and tourism businesses. For example, take the case of an unnamed casino in North America, reported by Darktrace. Hackers exploited a vulnerability in the casino’s IoT-connected thermostat to breach its network. Once in, they managed to access a database containing the personal details of thousands of gamblers and then used the thermostat as a means of stealing the data.”

Says Dr Klaus Schenk, senior vice president of security and threat research at Verimatrix: “In the near future, it's likely that manual back-ups to technology will remain, limiting vulnerability. As AI and automation expand, the risks may increase. If humans are removed from key roles like piloting, medicine, or infrastructure control, the damage from system failures could be severe.

“For example, if medicine becomes highly automated by AI, a breakdown of these systems could be catastrophic, plunging medical care back to medieval standards since humans will have lost the expertise to practice medicine manually. The most dystopian scenarios will only happen once IT and AI completely take over tasks that humans can no longer perform themselves. Total dependency on technology leads to total vulnerability. Maintaining human capabilities alongside automated systems can help provide resilience against failures.”

The advancement of technology provides many benefits for the average consumer when it comes to travel - but beware, says Charlie Barr.

“Mobile phone apps alone contain a plethora of convenience, all on a single device. But from a cyber security perspective, the over-reliance on a single app provides a crippling weakness for industry providers, as a single ransomware attack or denial of service can completely dismantle a travel company's business, as was evidenced in the attack against Scandinavian Airlines, where hackers took down the website and app and demanded increasingly larger sums of money as ransom, from thousands to hundreds of thousands, to millions of US dollars.”

Jamie Akhtar: “A real area of concern is supply chain attacks. The travel sector is incredibly reliant on its supply chains, and hackers know this. We expect to see more attacks on the small suppliers who work with large airlines and travel vendors as targeting them is often simpler for would-be cybercriminals.

“We can’t ignore the threat posed by nation-state actors. We’ve seen plenty of examples of nation-state attacks on critical infrastructure in the last few years and, unfortunately, the travel industry is very much a target in this regard.”

However, Zane Bond, Head of Product at Keeper Security thinks that despite everything, modern technology has greatly improved travel.

“While major disruptions like air traffic control shutdowns and booking outages can happen, they are the exception, rather than the rule. The more likely scenario is that you will receive push notifications to alert you of flight cancellations, emails about in-flight options and text messages to check in faster, among other things.

“Think back to thirty years ago, when travellers had to just sit at the airport waiting for an announcement over the intercom to inform them something went wrong.”