Cybersecurity Threats Are Growing in Travel and Transportation

IBM Security issued new research highlighting that the travel industry and its customers are increasingly the targets of cyberattacks as criminals seek to monetize highly valuable travel data. Compounding the problem, a new survey, conducted by Morning Consult, reveals that travelers are still blind to the risks they face on the road.

The survey found that only 40% of respondents believed it was likely they would be targeted for cybercrime while traveling, yet 70% are engaging in high-risk behaviors while on the road. Attacks in the travel and transportation industry are becoming more frequent, opening already unwary travelers to cybersecurity threats during their journeys. According to the 2019 IBM X-Force Threat Intelligence Index, the transportation industry has become a priority target for cybercriminals as the second-most attacked industry, up from tenth in 2017, attracting 13% of observed attacks. Since January 2018, 566 million records from the travel and transportation industry have been leaked or compromised in publicly reported breaches.

"Traveling has always been when people are more vulnerable. A few hundred years ago, the perpetrators were pirates or highwaymen. Now those criminals are still out there, but they've changed their methods to focus on digital attacks instead," said Caleb Barlow, Vice President of X-Force Threat Intelligence at IBM Security. "People carry a goldmine of data when traveling including passports, payment information and detailed travel itineraries. When placed in the hands of a cybercriminal, all of this information can be patched together into a complete picture of the traveler's life to inform identity theft, initiate spear phishing attacks, or be sold on the dark web.

Traveling can make people more vulnerable to security threats than they are at home. On the road, people tend to be distracted and overwhelmed, often opting for convenience over security. At home, they may have safeguards like controlling physical access to devices and setting up firewalls to prevent digital intrusions, but on the road, they might be more exposed.

Morning Consult conducted an online survey to understand exactly how much risk travelers expose themselves to while away from home, and found most Americans engage in high-risk behaviors while traveling. More than 70% of Americans surveyed have connected to public Wi-Fi, charged a device using a public USB station, or enabled auto-connect on their devices which puts their information at risk. Business travelers are even more likely to engage in risky behaviors. Nearly half (45%) of business travelers carry a device with valuable or sensitive information on it, yet business travelers admitted much more frequently to risky behaviors such as connecting to public Wi-Fi, charging a device using a public USB station and enabling auto-connect on their devices.

Travelers are acutely aware of the risks to their financial information with more than half of those surveyed saying that they are extremely or very concerned that their credit card (53%) or other sensitive digital information (52%) will get stolen when traveling. That number drops significantly when they are not traveling, with only 40% similarly concerned that financial information will be stolen at home and 41% that their digital information will be stolen at home.

As the 2019 summer travel seasons begins, it is important for travelers and travel and transportation companies to understand the threats facing them and take precautions to help protect their sensitive data. Cybercriminals are drawn to the travel industry because of the wealth of data it holds and the economic value it drives.