Tag Archive for: tips

Solving the Challenge of Cybersecurity Employee Retention and Skills Gaps in Hospitality

Staff turnover is something that every company has to grapple with. However, when that turnover is from an already lean cybersecurity team within the hospitality or gaming industries, the impact can be drastic. Not only does it take time to find and onboard replacements, but when working with such a specialized team, where the knowledge base can be compartmentalized sometimes down to an individual, the associated skills leave the team as well.

So how can organizations address the issues surrounding cybersecurity employee retention and the related skills gap? To answer this question we will take a closer look at the causes, greater impacts, and provide actionable recommendations to shore up your teams and cybersecurity.

Combating High Levels of Security Staff Turnover

Staff turnover rates in hospitality are notoriously high. The industry has been plagued by employee retention woes for years, and these issues worsened considerably during and after the pandemic, when many other industries were able to work remotely. 

A high level of turnover within security teams brings increased cyber risks to organizations. Gaps in important skills emerge that are both time-consuming and costly to fill. These skills span both technical and strategic/leadership functions, the absence of which leaves organizations in the hospitality space more susceptible to being successfully breached. 

In 2019, hotelier Marriott International faced costs of $126 million after a significant breach of its IT systems. Marriot then suffered an additional breach in 2022 after an employee was duped into giving computer access to threat actors. 

There are steps that can be taken that increase cybersecurity employee retention rates in hospitality. Offering and incentivizing good retirement or health benefits can make a big difference. Since many employees in this industry, like cybersecurity teams at casinos, can not work from home, even smaller perks, like free food or commuter benefits, can help keep employees engaged. 

These benefits don’t always have to cost money. Cybersecurity workers in the hospitality space often feel underappreciated because they are not front and center with their customers. Making people feel recognized at work can be a pivotal way to motivate them to continue working hard for their organization. This desire to be recognized stretches from general security operations positions right up to the CISO level, and should never be underestimated. Sometimes the littlest things make the biggest difference.

Download the Cybersecurity Guide for the Hospitality Industries to get more insights and tips into securing your organization from cyber attacks.


Mandatory Encourage Cybersecurity Training and Awareness

If hospitality cybersecurity is to improve, every employee in the organization needs to buy in. By training employees on the safe and proper use of all relevant software and hardware, including point-of-sale (POS) systems and terminals, front desk computers, and property management systems (PMS), you can help lessen the workload for the cybersecurity teams and minimize the chance of human error; this not only takes some weight off a hospitality’s cybersecurity team shoulders but also shows them their is support from an organizational level, which helps with employee retention. Training should encompass common tactics such as social engineering techniques, which play a dominant role in facilitating many hospitality data breaches, and general cybersecurity awareness through regular corporate reminders, checklists, flyers around the premises, and more. 

For hospitality cybersecurity teams, offering industry- or vendor-specific training will not only help cover the skills gap, but will help employees feel there is room for growth. One study found that employees with professional development opportunities have 34% higher retention. Providing these opportunities offers another avenue to incentivize security staff to stay. 

Finding the Balance

One of the biggest difficulties in strengthening hospitality cybersecurity coverage is that threat actors don’t operate on a 9-5 schedule. While most hospitality organizations don’t follow this schedule either, the average casino, restaurant, or hotel may only have a couple of well-trained IT security personnel; this level of human resources is not sufficient to manage the sophistication and volume of modern cyber threats, not to mention cover shifts on nights, weekends or holidays. 

Complicating matters further is the infrastructural complexity of hospitality IT environments. Take cybersecurity for casinos as a poignant example. As a $44 billion-sized industry, threat actors have their eyes on a very big prize. In fact, the cybersecurity threats to casinos are so high that the FBI Cyber Crime Division issued a private industry notification in November 2021 highlighting growing ransomware risks to tribal casinos. The FBI notice followed a similar warning earlier in 2021 from the National Indian Gaming Commission that cyber attacks on tribal casinos have jumped 1000% since 2021.

Digital transformation strategies have seen huge operational shifts in casinos, with moves towards cloud computing and online gambling services. SaaS applications replace many on-premise systems while cloud file storage services offer more cost-efficient ways to store databases. However, if these aren’t setup and maintained properly, which can be a struggle given the current global cybersecurity skills gap, they could be an easy way in for a threat actor.

When a hospitality cybersecurity team relies solely on an in-house staff, there is continued risk of employee turnover. When someone leaves, filling the role is difficult enough, but onboarding and gaining company-specific knowledge takes time that hospitality businesses can’t afford. It takes a long time to glean the experience and knowledge required to truly understand the infrastructural intricacies of hospitality networks, apps, and security processes. That is why many hospitality organizations are now looking to find a cybersecurity partner, keeping their strengths in-house and outsourcing the rest. Services such as 24/7 security operations center (SOC) monitoring, detection and response can provide a huge relief to an overworked internal team. 

How Proficio Helps Mitigate The Skills Gap in Hospitality

Proficio’s range of managed security services can help casinos, restaurants, hotels and others in the hospitality industry mitigate the impacts of a continued cyber skills gap. Our global network of SOCs provides around-the-clock expert monitoring, investigating, and triaging of suspicious events. With additional services, such as automated response and Risk-Based Vulnerability Management, Proficio can help your team catch cyber threats before they damage your organization. To learn more,…

Ten Tips for Restaurant POS Cybersecurity

Point of Sale (POS) systems are a critical part of the restaurant industry infrastructure. They are used significantly on a daily basis, transporting the financial life blood of the establishments that implement them. Given the important business function these systems do, it is critical to have strong POS cybersecurity practices in place for these systems to ensure they are secure from cyberattack and keep your customers sensitive data safe. In order to maintain a strong security posture you must also understand the processes bad actors use to attack your POS system. We take a look at some common methods attackers may utilize and provide our top ten tips on shoring up your POS cybersecurity so you can keep your sensitive data secure.

The Blueprint of a POS Cyberattack

You may wonder – how easily can POS systems be attacked? POS systems are considered soft targets to attackers. While there may be security measures in place at the endpoint (ex. card readers) and at financial institutions, vulnerabilities often remain in the connection between POS workstations and organizational servers. A skilled attacker will use the line of communication between the two to gain access to the area within a network they are targeting. When they target a POS system, it typically takes place in three phases: infiltration, lateral movement, and exfiltration. Let’s take a deeper look in those these attacks occur:

Phase One: Infiltration

Often, a cyber attacker doesn’t directly target the POS system. They will instead look to get into to the organizations network and then leverage different tactics to gain access to their sensitive data hosted on the POS system. Techniques may include exploit kits via browser attacks, stolen credentials, or compromised 3rd party applications. However, most commonly, successful attacks are carried out via phishing campaigns containing a malicious attachment or link to a website that installs a backdoor onto the target’s device once clicked by the employee.

Phase Two: Lateral Movement

Once an attacker has gained access to the company network, they likely won’t have immediate access to the POS system. To reach their goal, a cyberattack on your POS, they will utilize a variety of tools to map your network and locate the systems that contain sensitive data. Attackers will search for vulnerabilities in these systems or try to gain access by obtaining user credentials. Malware is then placed within the accessed POS system and remains there, quietly gathering as much of your customer data as possible. Since attackers are looking to maximize the amount of valuable data they can capture, the infection implements stealth and persistence tactics to remain on the system and avoid detection by the most basic security measures.

Phase Three: Exfiltration

Once there is a successful cyberattack on your POS system, attackers will go to work collecting sensitive information. Data successfully scraped will then be sent to a friendly server, one that your POS system communicates with regularly, to avoid detection. The data will be stored there until the attacker is ready to transfer the data to an external system where they can freely access customer data including credit card numbers and other personal information your POS system collects. And not long after, that data will be available on the dark web…

Why POS Cyberattacks are Common

Unfortunately, in many instances, POS systems are vulnerable to attacks because they are not properly maintained or setup with security in mind. This might be due to lack of staff, or perhaps organizations don’t know how commonly POS are the target for cyberattacks; this often leads to platforms running on legacy or unpatched operating systems (OS) or using standard antivirus software that is minimally effective against bad actors. It’s easy to fall into the false sense of security that the system is running, and you can’t “see” any issues – and that’s what many cybercriminals are hoping for.

In today’s dynamic threat landscape of unknowns and zero-days, traditional antivirus alone is rarely considered enough POS cybersecurity. According to a Verizon Data Breach Report, 90% of cyberattacks on the hospitalities and restaurant industries involve POS, which is why it’s critical that organizations using POS systems take extra steps to ensure their systems are secure.

Here are our ten tips on improving cybersecurity for POS systems:

  1. Perform Regular Tests

Run vulnerability scans and testing to identify weakness in your systems. If vulnerabilities are found, be sure to implement procedures and protections to address them as it’s critical to close these back doors quickly.

  1. Update and Patch Systems

Keeping your network, systems, and applications up-to-date will ensure that you have proper protections from known threats and vulnerabilities. The longer you wait to patch or update, the more opportunity an attacker has to successfully exploit that vulnerability on your system. Prioritize vulnerabilities so you’re maximizing your efforts to keep your networks secure.

  1. Whitelist Applications

A simple, yet often missed security step, is whitelisting approved sites. By whitelisting applications on your POS,  you are ensuring that only those required to run your system safely and effectively are active. Those that are not essential to the functionality of your POS should not be whitelisted (ex. web browsers and email). This prevents attackers from exploiting these vulnerable applications which could potentially give them access to your system.

Download the Cybersecurity Guide for the Hospitality Industries to get more insights and tips into securing your organization from cyber attacks.


  1. Enable Multi-Factor Authentication (MFA)

We all know it’s best practice to use complex, phrase-based passwords. Adding another form of authentication to the user authentication process will help prevent bad actors from fully gaining access via illicitly obtained user credentials.

  1. Require End-to-End Encryption

POS systems typically include encryption for any data it is storing; however, the data will still be vulnerable while in transit. Using a payment gateway that leverages end-to-end encryption will ensure your customers data is encrypted from transaction to the gateway, closing that gap for any cyberattackers looking to grab your data in transit.

  1. Use Tokenization

Tokenization allows you to replace credit card data from the POS terminal with a token or reference number. That means that, in the event of a POS cyberattack, the only data the cybercriminals get are the token/reference numbers – and those have no value outside of your system.

  1. Ensure System Visibility

It is critical to always maintain high-level visibility of your entire POS system, including all terminals and network applications. This will allow you identify early threats or security policy violations by tracking activity and locations of perimeter devices and running network/system applications.

  1. Reach and Maintain Top to Bottom PCI Compliance

The Payment Card Industry Data Security Standard (PCI DSS) has a set of requirements governing the safe handling of all credit card processing and information by merchants. Use these 12 requirements for PCI DSS compliance to guide your security practices:

  1. Use and maintenance of firewalls
  2. Configure passwords and settings (do not use vendor supplied)
  3. Protect stored cardholder data
  4. Encrypt transmission of cardholder data
  5. Use and regularly update anti-virus software
  6. Update and patch systems
  7. Restrict access to cardholder data
  8. Unique IDs to each individual will computer access
  9. Restrict physical access to cardholder data
  10. Implement log management
  11. Perform vulnerability scans and penetration tests
  12. Documentation and risk assessments
  1. Employee Training

In many cases, the initial infiltration by a bad actor is through an action or inaction of a member of the staff with access to your network. A large portion of these are not malicious acts by the employee (ex. an insider threat) but due to a lack of understanding security best practices and possible shortcomings in training. Available funding to bolster cybersecurity is a challenge for some organization; however, it does not mean that you are left stripped with little defenses. Your first line of defense are your employees. Proper and ongoing training of your staff can help them identify suspicious activity such as a phishing campaign and stop an attack before it starts. Training should include using secure passwords, how to identify social engineering attacks, and other security best practices specific to your organization and its handling of sensitive customer data.

  1. Find a Partner and Robust Cybersecurity Solution

The cost and staff required to maintain a strong security posture is a challenge for many restaurants. Even when cost is not an issue, having enough security staff on hand to combat threats around the clock is not always possible. These issues can be mitigated by partnering with a security provider that can provide customized solutions to meet your individual security needs. Look for providers that can manage your security systems, monitor for threats, and provide immediate action should an event be identified. They should also be able to provide insights into best practices for your industry as well as recommendations for supplemental applications and systems.


Proficio as a Partner

Proficio offers a range of security services for a scalable and efficient way to address your security gaps in your POS cybersecurity. We can help you meet or exceed the PCI standard requirements and provide a range of services, including: Managed Firewall Service, Active Defense for automated response, and Managed Endpoint Detection and Response.


Contact Proficio to learn how we can help with your POS cybersecurity.

Five Tips for Selecting a Managed Detection and Response Service Provider

Relentless threat actors and complex technology stacks make it challenging for IT teams to keep up with the volume of cybersecurity threats – and even more difficult to respond to them rapidly. Compounding matters is the tight cybersecurity labor market characterized by too many job openings and a growing talent shortage. In this environment, security leaders are increasingly partnering with Managed Detection and Response (MDR) service providers for cost-effective 24/7 security monitoring and breach prevention. 

The growth in demand for MDR services is attracting new entrants such as commodity resellers looking to pivot to a services business model. When evaluating providers from the pool of new and established players, vendor selection can be difficult as many claim similar capabilities. While reputable analysts, like Gartner, have helped narrow the field by recognizing some of the top organizations offering MDR capabilities, here are our five key requirements to look for when selecting a Managed Detection and Response service provider:  

Rapid Response Capabilities 

Organizations must be able to effectively detect and respond to threats around-the-clock regardless of whether it is an evening, weekend or holiday. One of the main motivations behind partnering with an MDR service provider is to improve your company’s security posture with a team that can quickly respond to and contain security threats.  

While most organizations can only investigate and respond during business hours, the ability to quickly contain threats on a 24/7 basis is crucial to any organization. Automated response capabilities provide incident responders time to further investigate and remediate before there is a serious breach. While many MDR service providers claim they offer response services, not all capabilities are equal. Some providers only focus on accelerating response times for your security team through actionable guidance and recommendations, relying on a manual action to contain a threat.  

True MDRs have developed automated and/or semi-automated containment capabilities, such as isolating infected host systems or blocking IP addresses. An effective service provider will correlate high-fidelity events to detect indicators of attack as well as help you determine what actions best align with your business requirements and the type of automated remediation that will be most effective. Secondary validation plays an important role to reduce the risk of responding to false positives, especially where business critical users or operations could be affected.  

Given that the use of identity-based attacks and credential abuse are growing rapidly, and frequently at the core of ransomware and supply chain breaches, advanced response offerings should also protect users’ identities. Identity Threat Detection and Response solutions can suspend a user account when an identity-based threat is detected.  

When selecting a Managed Detection and Response service provider, make sure you know what level of response capabilities you want in a provider and find one whose capabilities extend beyond mitigation guidance into response actions. Industry leading MDR providers combine Endpoint Detection and Response (EDR) and Extended Detection and Response (XDR) to maximize protection from targeted attacks. 

Support for Cloud Environments 

Motivated by cost savings, greater flexibility, and more efficient collaboration, businesses continue to adopt and expand their cloud infrastructure. In fact, a majority of businesses planned to host or move more than 50% of their workloads in the cloud over the next 12-18 months. However, while there are many benefits of moving to the cloud, the complications of setup can be overlooked. Issues such as misconfigurations, API vulnerabilities, account compromise, and malicious insiders all pose threats to the security of your environment and your sensitive assets hosted in the cloud. 

Given that cloud infrastructure can pose a risk to organizations, how can you work with your MDR provider to secure these assets? When sourcing a suitable provider, it’s best to look at the amount of cloud support that a provider offers. One that has limited monitoring capabilities for cloud environments may leave a significant part of your IT infrastructure unprotected, unmonitored, and exposed to threats that you won’t have visibility into. In addition, some MDR service providers may be able to help guide you in best practices for proper setup and maintenance, ensuring your cloud environments aren’t being left open to cybercriminals. 

At a minimum, select a Managed Detection and Response service provider that supports the three main public cloud vendors—AWS, Azure, and Google Cloud Platform. They should not only be able to monitor these critical log sources but also have experts on their team who can provide guidance. If your organization is using virtual servers and firewalls, find a provider who can manage these and help you implement best practices, so you can ensure your cloud hosting platform of choice is set up to vendor recommended standards.  

If you host your own SIEM, using a vendor such as Splunk Cloud, seek out an MDR provider that has the capability to work with that type of system as well. They should have a team of certified experts on the platform, dedicated to helping maximize the value of your investment.  

Detection in Depth 

While tools such as Intrusion Prevention Systems (IPS), anti-virus solutions, and firewalls, strengthen your perimeter, they may not be enough to keep your networks secure from advanced cyberattacks. Many of today’s cyber threats, like ransomware, are complex, multi-phased attacks that often evade perimeter controls and can lurk undetected for a long period of time. That is why it’s essential to use a combination of narrow-band and broad-band approaches to best detect adversarial actions. This additional visibility allows providers to better detect and discover threat activity, such as ransomware pre-cursor activities. 

This use of a detection in depth approach can make valuable use of log or telemetry data from these tools to detect indicators of suspicious activity and threats that might have bypassed your systems. As a natural expansion of defense in-depth, detection in depth was evolved to emphasize multiple layers of visibility into network activity. This layered approach reduces the risks associated with dependency on a specific solution or vendor and better enables you to catch one of the many early warning signs of an attack.  

For example, today’s ransomware attacks are often complex, multi-stage attacks that attack that attempt to compromise one or more endpoint devices and install malicious software that blocks access to those devices. With multiple security monitoring tools at both the endpoint and network levels, it is easier to detect and discover the early stages of ransomware related activities, allowing you to stop cybercriminals before they get into your networks. 

When selecting a Managed Detection and Response service provider, look for one whose detection capabilities provide benefits beyond the level of preventative controls. Using machine learning models and advanced correlation analysis can power detection in depth through identifying signals of suspicious behavior, making your MDR service provider better able to spot potential threats and act quickly.  

There are various frameworks and models an MDR service provider can use to break down the typical cyber-attack into a series of several tactics, objectives, or stages. The MITRE ATT&CK matrix, for example, has 14 distinct objectives while the cyber kill chain traces out 7 attack stages. Whatever model you or the MDR service provider follows, it’s prudent to seek out a partner that goes deep with their detection capabilities across all phases of cyberattacks rather than being limited to the surface level controls.  

Investment in Threat Hunting  

Your MDR service provider should have a threat hunting team that takes a proactive approach to search through your network, data, and systems to unearth hidden threats and adversaries lurking in your environment. These threats may have gone undetected by existing tools or use cases, but with the help of a dedicated threat hunting team, the risk of a data breach can be minimized. 

Global MDR service providers can add more value from threat hunting by applying their findings from one client’s network to improve threat hunting efforts for other clients. Machine learning models that identify anomalies and score them based on how unusual they are in the context of baseline behavior should be part of your MDR provider’s  threat hunting tool chain. Many MDRs have some senior advisors that can play an important role by digging through client logs, dashboards, and visualizations to hunt for threats.  

Clear Communication and Visibility 

When evaluating an MDR service provider, it’s critical that you set expectations for how you would like to be able to communicate with your partner. Some MDR service providers might have limitations on communication hours or specific mediums that might not work well for your business. Given that an attack can happen at any time, you should look for a team of SOC analysts who not only monitor your environment around-the-clock but also one you can access when you need additional help. It is also beneficial to have multiple communication options, such as phone, web portal and email.  

Select a Managed Detection and Response service provider that goes the extra mile by displaying real-time data, dashboards, and other valuable security information. Some MDR providers can improve your security posture by identifying gaps in controls that can be exploited by attackers. Executives can use this data to demonstrate team improvement over time or justify spending for additional headcount or tools.  

Proficio’s MDR services provide your business with around-the-clock security monitoring, advanced threat detection, investigations, and automated response capabilities. You can learn more about our Managed Detection and Response or find out what Gartner recommends you ask MDR providers and Proficio’s answers. 

Establishing a Modern SOC With Splunk APAC Director for Specialization | Matthew Joseff

In the on-going war against cybercrime, many organizations are looking for ways to modernize their Security Operations Centers (SOCs) to keep up with the ever-evolving threat landscape. On this episode of Cyber Chats, Proficio’s Shane Talbot is joined by Matthew Joseff of SplunkThey provide their tips to companies looking to stay ahead of the curve and why moving to the cloud is key. 

While moving to the cloud is a critical part, it’s just one piece of the puzzle for a comprehensive cybersecurity strategy. However, often cybersecurity executives have a hard time justifying to the Board the need for additional resources. Shane and Matthew debate this often-complex scenario and discuss how to demonstrate the importance of security. What do they suggest? Tune in to find out. 

Proficio Cyber Chats With Qualys CISO | Ben Carr

One of best ways to stay safe, and maximize your time, is to prioritize your risk. Ben Carr, Qualys CISO, and Zane West, Proficio’s VP of Products and Development, chat about the benefits of solutions like Risk-Based Vulnerability Management and what’s key to better understanding your risk profile. This is critical when dealing with a hybrid workforce, but what else is essential? Learn what they recommend and also hear their tips on how to stay compliant in an increasingly challenging time.

Proficio Cyber Chats With Oliver Rochford

One of the most popular buzzwords today is SOAR, Proficio’s EMEA SOC Director, Carlos Valderrama, and former Gartner Analyst, Oliver Rochford dive into the concept of SOAR in cybersecurity. Oliver provides his unique perspective of how the term came to be while he was working as an analyst at Gartner. Does he think SOAR lived up to its potential? Tune in to find out!

The conversation leads off with their ideas on what the SOC of the Future will look like; they also provide their insight into what aspects are critical for these to be successful. Carlos notes, “we see a lot of vendors push for buzzwords… instead of looking for real solutions.” So where will they go from there?

Proficio Cyber Chats With ePlus

How are cybersecurity teams adjusting to the current threat landscape and what can they do to stay ahead? Hear what Proficio CEO and Co-Founder, Brad Taylor and VP of Solutions for ePlus, Lee Waskevich, had to say about this and other topics influencing todays cybersecurity industry.

With many cybersecurity teams facing resource constraints, Brad and Lee talk about some alternatives for those organizations. These include adding automation to augment staffing or using a risk-based approach to focus on your most critical vulnerabilities. What else do they suggest? Listen to find out!

Proficio Cyber Chats With VMware Carbon Black

How do you develop a mature cyber program? A question that many organizations struggle with. On this episode of Cyber Chats, Proficio’s Carl Adasa and Rick McElroy of Carbon Black discussion kicks off with possible answers to that question. Their experience both from the provider and vendor side gives them a unique perspective on how companies can build up a strong internal program.

With this goal in mind, they go on to address the challenges many teams face, with the lack of qualified cybersecurity professionals available to hire. This leads many organizations to outsourcing some or all of their security needs, which means finding the right partner is critical. So, what should you look for? And what can you do to help win the war on cybercrime? Tune in to find out.

Tips for Email Security

May 5th, 2016 is World Password Day – a day created to encourage safe password practices. The best defense against external threats is staying informed and diligent with your security practices, especially when it comes to email security.

Here are some tips to help stay safe from email threats:

  • Never share your password. If someone is requesting this information via email, they are phishing for access to your account. Understand that reputable businesses would never ask for personal information via email.
  • Change your password often and create strong passwords – use a combination of letters (capital and lower case), numbers, and special characters that is at least eight characters long
  • DO NOT open email attachments unless you know the sender, are expecting attachments from them, or can verify that the approved sender sent the attachment. If you receive an attachment you cannot verify, DELETE IT – it’s better to have someone have to resend the attachment.
  • DO NOT reply to spam messages or emails that seems suspicious.
  • Learn how to recognize phishing and spear phishing attacks. Some examples of frequently used techniques to steal your credentials are:
  • Messages that contain threats to stop services or shut down your accounts
  • Emails that request personal information (i.e. account numbers, PHI, credit card information, passwords, etc.)
  • Emails that use words such as “Urgent” or Immediate Response Requested”. These words usually raise a sense of alarm, and make feel like a reply is warranted
  • Forged email addresses. These are sometimes hard to notice as some email programs leave out email addresses in the body. If you are suspicious of messages in the body you can check the senders true Identity in the email headers
  • Poor writing or grammar errors
  • Be aware of links in email. Before clicking anything, verify the links are valid by hovering over link to see if the URL looks legitimate. You can also check links by typing them into virustotal.com or using Google search engine
  • Be aware of where you are posting your personal information. Spammers tend to “troll” social media sites for information they can use to make their email seem legitimate or guess your password.

Just following these few tips will help to keep your email more secure and ensure your password protected information is safe.