How the travel industry can protect data in the age of AI this Diwali season?, ET TravelWorld

Diwali is right around the corner, and travel across India is expected to surge with nearly 50 per cent of Indians planning trips during this festive season. This travel boom is mirrored by growing consumer confidence, as a report by Rediffusion reveals that 36 per cent of consumers intend to spend more this year compared to last, signalling optimism in the retail industry. Unfortunately, it’s also this time of the year when cyberattacks spike due to reduced vigilance.

As the festive season drives substantial revenue for the travel and retail sectors, many organisations prioritise customer acquisition and revenue generation, with cybersecurity taking a backseat. Research shows that website traffic surges during peak travel periods are often accompanied by a spike in cyberattacks. Alarmingly, reports indicate that critical vulnerabilities persist across all of the top 10 travel and hospitality websites.

Generative AI further complicates the situation, significantly accelerating the speed and scale of cyberattacks. Cybercriminals can now identify unpatched vulnerabilities within minutes and target business-critical assets or deploy ransomware capable of crippling IT infrastructures.

Downtime during high-revenue periods like Diwali can result in significant financial losses, making preventive cybersecurity measures more important than ever. With the travel and retail industries holding vast amounts of customer data, organisations must implement robust cybersecurity strategies to prevent breaches. But how can they do it?

It starts with securing data in the cloud
The travel and retail industries hold vast amounts of sensitive data—from credit card details to passport numbers amongst others—making it an attractive target for cybercriminals. With the adoption of cloud applications and AI to offer personalised customer experiences, technology has become the backbone of travel and retail businesses. The flexibility, scalability, and diverse storage options of cloud technologies are driving a data explosion within the industry.

Organisations now rely on a wide range of cloud-based data solutions, from massive media archives to real-time analytics, as AI plays a pivotal role in delivering tailored services to consumers. However, this growing volume and variety of data stored in the cloud expand the attack surface for cyber threats. A study revealed that travel businesses use between five and 21 different cloud hosting providers, highlighting the complexity of managing multiple cloud environments.

Data in the cloud is constantly shifting, and stored in various locations and formats. As such, organisations must address the challenge of collecting, storing, using, and securing this data. While many cloud security solutions offer valuable tools, they often fall short in helping security teams prioritise the protection of an organisation’s most sensitive assets. As a result, critical data and AI resources often remain inadequately secured.

Standalone solutions such as data security posture management (DSPM) and AI security posture management (AI-SPM) can shine a spotlight on data and AI resources. However, without proper integration into broader cloud security tools, it’s a real challenge to contextualise and prioritise security findings properly to mitigate the risk in time using the limited resources cyber security teams have. If threat actors can leverage such gaps, it could lead to widespread disruptions, putting both customer trust and business operations at risk.

A comprehensive approach to cloud security becomes crucial in this scenario. When DSPM and AI-SPM tools are integrated with cloud-native application protection platforms (CNAPP), they provide a more robust solution. This approach offers deep visibility into data across multi-cloud environments, identifying where sensitive data resides, classifying it by severity levels, and categorising it as proprietary information or personally identifiable information (PII). These tools not only detect suspicious data-related activity before it escalates into a breach but also allow organisations to manage access to sensitive data, revoking permissions where necessary.

Data security top of mind this festive season
Several high-profile organisations have already made headlines for falling victim to cyberattacks, exposing a fragmented and compliance-driven approach to cybersecurity. To stay ahead of these threats, the travel and retail industries must adopt a comprehensive, business-driven, and risk-based approach to securing data and AI. This is especially critical during the festive season when cybercriminals are more likely to exploit security weaknesses.

The author is the Managing Director and Country Manager of Tenable India, a leading cybersecurity company.

DISCLAIMER: The views expressed are solely of the author and ETTravelWorld.com does not necessarily subscribe to it. ETTravelWorld.com shall not be responsible for any damage caused to any person/organisation directly or indirectly.