'Cybercrime eliminates your hospitality'

Digital security is a means and not an end

For a good conversation about ICT and cybercrime, you have always come to the right place with Dave Maasland, CEO of ESET. And, by his own admission his whole life has been "intrinsically motivated on ICT". "I am convinced that technology can be a big part of the solutions we are looking for in society. But, that technology has to be up to scratch. This also applies to entrepreneurs in the hotel sector. Fine to strive for efficiency and innovation. But do it safely and consciously." 

We shaped that good conversation with Dave by asking 5 questions.

1. What grade do you give to the level of ICT knowledge among entrepreneurs in the hotel sector?

"I give a 5. An inadequate one, in other words. Incidentally, that grade also applies to entrepreneurs outside the hotel sector. So this insufficient grade is not hotel sector-motivated. But I am not going to point fingers in a pedantic manner. Because, I am going to nuance that '5' here..."

"Look, entrepreneurs are doing business. Then came corona. Against its will, a digital transformation emerged. Hard choices had to be made. However, security did not appear to be an agenda item at all. It was mainly a matter of survival during that period. Of course, entrepreneurs are not crazy: they knew and did know that in terms of cybercrime there was 'something going on'. But it was not yet acted upon."

"For instance, in those corona days, it was a matter of quickly introducing a new way of working. Whether this was home working systems or - in the hotel sector - processing bookings in a different way... digital risks were just not on the radar. They were not being thought about. But, not thinking about something does not mean it is not there." 

2. What are the three biggest dangers for entrepreneurs?

"First, I nominate digital cardiac arrest. In short, Ransomware! If a company is affected by it, the entire ICT stops working. From booking systems to creating passes. You can then no longer deliver hospitality. You can only restart when you pay off the ransom demanded. Last September, there was a major problem of this nature at NH Hotels. This has had an unprecedented impact on the customer experience."

"The second danger is data leakage. Cybercriminals don't hesitate to simply make data public if you don't pay up. That's what you don't want as an entrepreneur. It can put pressure on your competitive position. After all, your competitors can then also see your data.

You don't want other hotels to find out what interesting deals you have struck with suppliers, do you? Not to mention image damage!"

"Finally, I'll touch on CEO fraud here. Criminals pretend to be the supplier. It's very simple: you then get an e-mail saying that 'the account number has changed'. And so from then on, you start transferring invoices to the wrong account: an immediate loss of money."

3. So we should all work together to raise awareness?

"Absolutely! Of course, you can train the whole organisation but I would rather advocate appointing ambassadors within an organisation. After all, it's better to train a few people very well than to train an entire organisation a little."

"The question then is who you appoint as ambassador. Well, you always have employees in your own company who are interested or already have a certain affinity with computers and data. You should give them the pioneering role. They can inspire their own colleagues. That works better than training imposed from above."

"A good example is that such a DHV'er (Digital Responder) can draw up good protocols. Or, can outline an action perspective. What do you do if you discover your computer has been hacked? Do you turn off your computer Or, do you just turn off the WIFI? But also: who do you report it to if you receive a phishing email?"

4. Will cybercrime get worse in the coming years?

"Yes. Criminals are incredibly professional. They know they can make billions because the whole society is digitising through. They also know that this digital hygiene is not in order everywhere. So, we have to learn to defend ourselves. But you can only do that if you have your affairs in order. We still have a long way to go in this area! Still, I would like to say something positive here: thanks to upcoming legislation and the Dutch cybersecurity strategy, I also state here that we are on the right track. Doomsday thinking is pointless. Acting correctly does."

5. What is the worst case you have seen yourself recently?

"I think of a cyber attack on a family business. That business was already not running very well, but suddenly cybercriminals appeared to have encrypted all the backups. From one day to the next, despair struck. That entire company - from management to employees - went through a lot of hell when a first simple tip could have taken away a lot of misery: always make sure your backups are separate from your online connections. What I saw at that company, I wouldn't wish that on anyone. But I do fear that these kinds of hacks will happen much more often. Also in the hotel sector."