Staff turnover is something that every company has to grapple with. However, when that turnover is from an already lean cybersecurity team within the hospitality or gaming industries, the impact can be drastic. Not only does it take time to find and onboard replacements, but when working with such a specialized team, where the knowledge base can be compartmentalized sometimes down to an individual, the associated skills leave the team as well.
So how can organizations address the issues surrounding cybersecurity employee retention and the related skills gap? To answer this question we will take a closer look at the causes, greater impacts, and provide actionable recommendations to shore up your teams and cybersecurity.
Combating High Levels of Security Staff Turnover
Staff turnover rates in hospitality are notoriously high. The industry has been plagued by employee retention woes for years, and these issues worsened considerably during and after the pandemic, when many other industries were able to work remotely.
A high level of turnover within security teams brings increased cyber risks to organizations. Gaps in important skills emerge that are both time-consuming and costly to fill. These skills span both technical and strategic/leadership functions, the absence of which leaves organizations in the hospitality space more susceptible to being successfully breached.
In 2019, hotelier Marriott International faced costs of $126 million after a significant breach of its IT systems. Marriot then suffered an additional breach in 2022 after an employee was duped into giving computer access to threat actors.
There are steps that can be taken that increase cybersecurity employee retention rates in hospitality. Offering and incentivizing good retirement or health benefits can make a big difference. Since many employees in this industry, like cybersecurity teams at casinos, can not work from home, even smaller perks, like free food or commuter benefits, can help keep employees engaged.
These benefits don’t always have to cost money. Cybersecurity workers in the hospitality space often feel underappreciated because they are not front and center with their customers. Making people feel recognized at work can be a pivotal way to motivate them to continue working hard for their organization. This desire to be recognized stretches from general security operations positions right up to the CISO level, and should never be underestimated. Sometimes the littlest things make the biggest difference.
Mandatory Encourage Cybersecurity Training and Awareness
If hospitality cybersecurity is to improve, every employee in the organization needs to buy in. By training employees on the safe and proper use of all relevant software and hardware, including point-of-sale (POS) systems and terminals, front desk computers, and property management systems (PMS), you can help lessen the workload for the cybersecurity teams and minimize the chance of human error; this not only takes some weight off a hospitality’s cybersecurity team shoulders but also shows them their is support from an organizational level, which helps with employee retention. Training should encompass common tactics such as social engineering techniques, which play a dominant role in facilitating many hospitality data breaches, and general cybersecurity awareness through regular corporate reminders, checklists, flyers around the premises, and more.
For hospitality cybersecurity teams, offering industry- or vendor-specific training will not only help cover the skills gap, but will help employees feel there is room for growth. One study found that employees with professional development opportunities have 34% higher retention. Providing these opportunities offers another avenue to incentivize security staff to stay.
Finding the Balance
One of the biggest difficulties in strengthening hospitality cybersecurity coverage is that threat actors don’t operate on a 9-5 schedule. While most hospitality organizations don’t follow this schedule either, the average casino, restaurant, or hotel may only have a couple of well-trained IT security personnel; this level of human resources is not sufficient to manage the sophistication and volume of modern cyber threats, not to mention cover shifts on nights, weekends or holidays.
Complicating matters further is the infrastructural complexity of hospitality IT environments. Take cybersecurity for casinos as a poignant example. As a $44 billion-sized industry, threat actors have their eyes on a very big prize. In fact, the cybersecurity threats to casinos are so high that the FBI Cyber Crime Division issued a private industry notification in November 2021 highlighting growing ransomware risks to tribal casinos. The FBI notice followed a similar warning earlier in 2021 from the National Indian Gaming Commission that cyber attacks on tribal casinos have jumped 1000% since 2021.
Digital transformation strategies have seen huge operational shifts in casinos, with moves towards cloud computing and online gambling services. SaaS applications replace many on-premise systems while cloud file storage services offer more cost-efficient ways to store databases. However, if these aren’t setup and maintained properly, which can be a struggle given the current global cybersecurity skills gap, they could be an easy way in for a threat actor.
When a hospitality cybersecurity team relies solely on an in-house staff, there is continued risk of employee turnover. When someone leaves, filling the role is difficult enough, but onboarding and gaining company-specific knowledge takes time that hospitality businesses can’t afford. It takes a long time to glean the experience and knowledge required to truly understand the infrastructural intricacies of hospitality networks, apps, and security processes. That is why many hospitality organizations are now looking to find a cybersecurity partner, keeping their strengths in-house and outsourcing the rest. Services such as 24/7 security operations center (SOC) monitoring, detection and response can provide a huge relief to an overworked internal team.
How Proficio Helps Mitigate The Skills Gap in Hospitality
Proficio’s range of managed security services can help casinos, restaurants, hotels and others in the hospitality industry mitigate the impacts of a continued cyber skills gap. Our global network of SOCs provides around-the-clock expert monitoring, investigating, and triaging of suspicious events. With additional services, such as automated response and Risk-Based Vulnerability Management, Proficio can help your team catch cyber threats before they damage your organization. To learn more,…