SITA, a company specializing in air transport IT and communications, released its ‘2019 Air Transport IT Insights’ report. Several sections of the report focus on cybersecurity at both airlines and airports. In an interview discussing the findings with Intelligent CIO, a cybersecurity magazine, Joe Carson, Chief Security Scientist and Advisory CISO at Thycotic, singled out the need to respond to the threat of account takeovers and loyalty fraud as critical to airlines’ strategies.
“Most attacks to date on the aviation industry have been financial fraud related such as business email compromise and invoice fraud or cyberattacks that impacted booking systems and loyalty rewards programs stealing millions of airmiles from customers,” he said.
Key findings of the report include:
9.64% of airline IT budgets will be spent on cybersecurity
72% of airlines will prioritize investments in better collection and analysis of ‘threat intelligence’
95% of airports globally have cybersecurity initiatives
84% of of airports globally run a major cybersecurity plan
79% of airports globally view investing in employee awareness and training about cybersecurity threats as a priority
Carson also discussed fraudster tactics, highlighting the fact hat despite the high-tech nature of the threat, airlines must not lose the forest through the trees. Specifically, he emphasized that fraudsters continue to search for the path of least resistance when committing cyber crime. Even with advanced AI eCommerce fraud and other tactics on the rise, that remains human employees. That is true due to the possibility for human error arising from the failure to follow proper security due to either mistakes, oversight, or a failure to spot threats.
“The aviation industry, while advancing quickly and continuously improving services, must not forget the basics and cybersecurity best practices,” he said. “These are sometimes overlooked and, in most situations, cybercriminals will look for the easiest, cheapest and stealthiest way to gain access to critical systems and this means abusing human trust.”
Sources:
https://www.sita.aero/resources/type/surveys-reports/air-transport-it-insights-2019
https://www.intelligentcio.com/eu/2019/11/18/cybersecurity-and-aviation-combatting-the-key-threats/