The importance of Cybersecurity, the case of IHG

Companies spend millions of euros to attract customers and offer them the best experience, but they forget something fundamental: the security of their customers' data, and their own.  This situation is not new, in fact, it is quite common for cybercriminals to try to attack and extract information from large and not so large companies.


In recent years, cyber-attacks have skyrocketed due to factors such as teleworking, which makes data more vulnerable. Not having the same security measures as companies means that computers are left unprotected, and therefore companies are left unprotected. Data collected by the Government of Spain say that some 180,000 incursions against citizens, companies and public administrations were detected in 2021. Of these attacks 90,100 were aimed at citizens and companies, the rest were against strategic operators or against the Spanish Academic and Research Network (RedIRIS). In May, the Locked Shields cyber-exercise was held to test the defensive capacity of the participating countries in terms of cybersecurity. On this occasion, 32 countries and more than 2,000 military and civilians participated, and Spain came in last place, making it clear that we are the least prepared country. A worrying fact that should undoubtedly make us be more alert when it comes to the cybersecurity of our personal lives and our businesses.


The IHG case

One of the most recent high-profile cases has been the one against International Hotel Group, IHG, the British company that owns well-known brands such as Holiday Inn, Crowne Plaza or Regent, with more than 6,000 hotels around the world.  The cyber-attack was executed by a couple from Vietnam who attacked the company's database and cracked the password. The surprise was that the password used was "Qwerty124", an error, which sadly is very common in companies.


How did it all happen?

The alert was given by the customers themselves when they encountered problems when making reservations and checking in. As soon as IHG realized what was happening, they tried to safeguard their image with their customers with reassuring messages on social networks. They alluded that the errors were due to "system maintenance". Unable to solve the problem, IHG finally had to acknowledge that it had suffered a cyber-attack and that it had been successful. The seriousness of the attack became apparent when the London Stock Exchange was formally notified. Security had been breached, confidential data had been exposed and the brand image was compromised. In addition, the perpetrators of the cyberattack wanted to take credit for the act, and using the name "TEAPEA" contacted the BBC via Telegram providing evidence that they had indeed been the authors of the hack.

What data were the hackers able to access?

IHG itself confirmed that they were able to access the organization's internal Outlook emails, Microsoft Teams discussions and server directories.


How did they do it?

According to the cybercriminals themselves through a deceptive email they got a worker to download malicious software that gave them access to IHG's internal network. In addition, their process involved circumventing the two-factor authentication security system, delivering a security warning message to employees' devices.


This case, like others, should alert companies that handle sensitive information, both their own and that of their customers, not only because of the heavy fines they may receive, but also because of a matter of responsibility and credibility. For this reason, it is vital to have an expert company to secure the data. And of course, at Grupo Dynasoft we are always available to help you achieve or maintain a secure technological environment.