Featured Image

Combatting the Rising Tide of Cyberthreats to Travel and Tourism



Pandemic-driven challenges have made it difficult for businesses in travel and tourism to keep pace with escalating cyberthreats. Cloud-based security solutions can strengthen IT security immediately.

The pandemic has been particularly brutal to travel and tourism. Demand for flights fell by more than 65%1 in 2020, and the US hotel industry suffered its worst year ever2, with an occupancy rate of just 44%.

Revenue plummeted by an estimated $265B globally3, more than 37% below the prepandemic forecast. 2021 was not much better4, with modest improvements in some regions and continued decline in others. The World Tourism Organization has predicted a full recovery will have to wait until 2024.

With resources stretched impossibly thin for so long, IT security investments have dropped substantially below other industries. One study ranked travel and tourism dead last5 in cybersecurity spending – well behind leaders such as financial services and healthcare, and ahead only of “other.”

Partly as a result, the industry has been called out for failing to take data security seriously. A 2020 investigation, for example, concluded that travel industry websites were “laughably insecure6”, and that companies needed to strengthen their security protections.

Cybercriminals are opportunists, and they are making the most of this one. The travel industry saw a year-over-year increase of 155.9%7 in online fraud attempts in 2021, followed in 2022 by a 60% boost in overall cyberattacks8.

The industry itself has recognized the need to improve IT security. An April 2022 report from the World Travel & Tourism Council focused on the need to address IT security risks9 by securing customer and industry data and business operations.

But resources remain a challenge. Strengthening a traditional on-premise security infrastructure in a sprawling, complex digital environment places significant demands on IT staff and requires substantial capital expenditures. Few companies in the industry can focus on these areas as they work to rebuild their business and revenues.

Travel companies are turning to cloud-based security solutions. These powerful tools provide sophisticated protections managed by experienced teams relieving the pressure on overworked cybersecurity teams and not requiring major CapEx outlays.

They add a critical layer of defense that can intercept and counter a broad range of threats before they penetrate a company’s network, strengthening security for data and digital assets wherever they are hosted, in datacenters or the cloud. And because providers continually upgrade their offerings to match evolving threats, cloud-based solutions deliver continually improving protection.

1. Protecting web applications In 2021, 50% of all web applications were vulnerable10 to attack. They are the overwhelming choice for hackers, serving as the primary vector in almost 90% of breaches11. Web apps are difficult to defend effectively because they must be accessible to multiple users from multiple networks, making them inherently vulnerable.

That’s why a cloud-based web application firewall (WAF) has become an essential defense. A WAF effectively counters application layer threats with flexible, always-on protection that covers web applications in data centers and the cloud. Key capabilities in an effective managed solution include:
  • Preconfigured protections against common threats such as the OWASP top 10, updated automatically as new threats emerge to protect against zero-day threats.
  • Flexible security options including both negative and positive security, with easy-to-manage capabilities to customize protection such as rule recommendations based on actual traffic.
  • Full visibility into application traffic across your environment, with flexible reporting and logging features.

2. Mitigating all DDoS attacks A DDoS (Distributed Denial of Service) attack blocks access to your website, shutting down your online business, disrupting use of business applications, and in some cases demanding extortion payments. DDoS attacks are a familiar threat, but today they are more sophisticated, more intense, and far more frequent. Our security operations center (SOC) saw a 3x increase in attacks in 2021 and the growth has continued throughout 2022.

A dedicated, cloud-based DDoS mitigation service is the most effective countermeasure you can employ to protect your business, your income and your reputation from attacks of any size, length or intensity. Capabilities to look for include:

  • Outstanding scrubbing capacity through a global mitigation platform able to absorb the largest attacks, with multiple tier 1 internet network providers for redundancy.
  • Advanced orchestration platform that interconnects with customer networks and with on-premises solutions for near-instantaneous response, with AI-driven automation to manage defense in depth.
  • Flexibility in protection and service configurations, including always-on, on-demand, and hybrid options.

3. Detecting and managing malicious bots Your website is critical to building back bookings and business – but it’s also a prime target for malicious bots12. Threats include web scraping, which can impact up to 18% of website revenue13 for travel companies; fraud through credential stuffing and carding; and inventory hoarding that skews KPIs and prevents real bookings.

Effective bot detection and management shuts down these threats and stems the losses. A cloud-based solution delivers sophisticated capabilities to detect and identify malicious bot traffic across your network, with updates to automatically add protection against evolving bot capabilities and signatures. The most effective solutions incorporate:

  • Multiple techniques to detect bots, including IP data, device fingerprinting, rate limits and transactions per second.
  • Flexible options to customize and apply additional identification safeguards and to categorize and fingerprint bots for ongoing management.
  • Effective tools to manage flagged bot traffic, including delaying or redirecting traffic or blocking it altogether.

4. Protecting your DNS Your DNS service is the critical first step in every fast, safe, and satisfying experience and transaction your website provides. But it can also be a target or vector for a wide range of damaging attacks. 72% of companies suffered a DNS attack14 in the 12 months ending in Q4 2021, with an average cost of $950.00015.

Cloud-based authoritative DNS services protect access to your website and your network assets, while providing strong defenses against threats that use DNS as a vector. Managed services ensure reliable, trouble-free navigation for customers and partners, and simplify the work of managing constantly changing DNS configurations. Your service should include:

  • Effective security features to protect both DNS availability (integrated DDoS protection for DNS resolvers) and network assets (robust, user-friendly DNSSEC).
  • Outstanding performance and reliability including a global infrastructure for the fastest possible query responses and an overprovisioned, fault-tolerant platform.
  • The highest level of service redundancy through a dual authoritative DNS network that provides geographic, network level, transit, and operational redundancy.

Neustar Security Services delivers all these critical protections for businesses in travel and tourism with an integrated suite of cloud-based security solutions. All are monitored and supported by experienced IT security professionals in our 24/7 security operations center (SOC) and backed by outstanding customer support. Professional services are available to assist in installation and configuration and maximize their value to your business.

Learn more about strengthening your protections against significant threats with powerful, comprehensive cloud-based solutions tailored for the needs of the travel and tourism industry.


2. NPR
3. Hotel Tech Report
4. Reuters
5. Fortune Business Insights
6. Computer Weekly
7. SmartBrief
8. Travel and Tour World
9. Travel Pulse
10. Venture Beat
11. Verizon
12. Forbes
13. PerimeterX
14. Help Net Security
15. BusinessWire

Let's stay in touch! Get exclusive threat research, company and cybersecurity insights - delivered to your inbox once a month


Under DDoS Attack? Relief Begins Here!