After a couple of false starts, we are finally emerging from behind the shadow of the Covid pandemic. Some businesses prospered explosively during it as people suddenly needed to access key services remotely, such as the fintech and healthcare sectors; others were forced to deal with an almost instant switch-off of commercial activity, for example the travel and tourism markets. In this article we will look at the travel sector and anticipate what kinds of security challenges might lie ahead as the market evolves and recovers.
The simple truth is that it was really bad. In a January 2022 assessment of the impact of Covid-19 on the travel and tourism market, the United Nations World Tourism Organization published a very dramatic report which highlighted the scale of the problem:
The report documented that 2021 delivered a small increase over 2020 but that 2022 should be the first year of real recovery, a view shared by 58% of the experts consulted for the report. That said, 64% of those experts also didn’t expect travel revenues to return to their pre-pandemic (2019) levels until 2024.
So, it seems reasonable to predict a good bounceback in the sector. However, it is also important to recognise the pandemic as a significant discontinuity in the structure of the travel market - when it returns to its former revenue level it will certainly look quite different compared to 2019, with new and emerging travel providers, offerings and business models.
In order to understand what the sector might look like as it recovers from the pandemic induced shock, it makes sense to consider what happens when a significant discontinuity hits a mature market in the 21st century. Some or all of the following effects will be seen:
We can also learn something from what we have seen in other sectors during the recovery, in particular high street retail. While most retailers have seen revenue levels staying flat or increasing, they have experienced a dramatic shift from in-person shopping to online transactions, particularly through the use of mobile apps. This evolution has focused customers’ attention on the mobile experience and has also allowed new or emerging players to compete on the level playing field that is the app store.
There's no doubt that the travel sector will see accelerated use of mobile and this should be embraced by businesses in order to match the user experience now expected by consumers. Ticketing, discount cards and rewards schemes must be highly optimized for mobile and must deliver slick and modern experiences for customers. This was happening anyway of course, but it is much more urgent now in order for brands to remain relevant and vibrant in the eyes of their customers. After 2 years of not travelling, all regular habits and loyalties are broken and that includes the selection of travel service providers.
Another aspect of digital markets which is particularly relevant to the travel sector is the existence of aggregators, companies who bring together service providers in order to present a one-stop shop for consumers. In the past this was mainly a web based phenomenon and was restricted to single strands of the travel sector such as hotels and train tickets.
However, aggregators are much more sophisticated now and much more mobile centric too, offering end-to-end travel solutions to consumers, delivering customized options based on their individual preferences. As the travel sector recovers, threats from aggregators and other agile travel operators are likely to be the main new digital challenges with which incumbents will have to contend.
It will be no surprise that hackers and fraudsters have not been idle during the pandemic, after all most of them were already working from home. Seriously though, attackers are always on the lookout for sensitive information they can extract/intercept, or business models they can game. Let’s look at two ways hackers can find the information they need to plan and exploit an attack against a travel business.
In addition, aggregators may be friends or enemies to your business, depending on how well you retain control of the data you share with them. It is better to acknowledge and work with them rather than let them expose your data in undesirable ways and places. Our customer case study with Sixt explores this in more detail in the context of car sharing.
Therefore, as the sector recovers and the consequences of the huge discontinuity in the travel sector plays out, hackers will be probing, experimenting and executing attacks against businesses who do not adopt security best practices.
The good news is that appropriate best practices do exist which can quickly be implemented and make a real difference. Here are three immediate recommendations:
Securing mobile apps and the APIs that service them in a holistic, effective and efficient way is a challenge but is not uncharted territory. In a rapidly evolving travel and tourism market, business opportunities will be there to capitalize on and the last thing any operator needs is to be hampered by security issues during this critical time.
Therefore, now is the time to review and enhance security arrangements for travel apps and APIs. To talk to us about your use cases and have a security expert explain where and how Approov can help, you can schedule a call with us here.