The common denominator in attacks is organisations failing to train their people
Cyber risk is an ever-evolving threat to organisations and the nature of the aviation industry means it has particular features that make it especially vulnerable to would-be hackers.
According to Eoghan, since the beginning of the Covid-19 pandemic the sector has seen a “dramatic” increase in the number of cyberattacks directed at staff, operations, and critical IT infrastructure.
“For some organisations in the sector, working from home, outside of the safety of organisational IT security perimeters, has become the norm,” he says. Given this and other security-related risks facing the sector linked to the war in Ukraine, cyber security continues to be high on the risk agenda with the threat profile only increasing, he adds.
Major breaches associated with airlines such as British Airways, EasyJet and Cathay Pacific have been reported in recent years – Eoghan points out that there are likely to be many more that never hit the headlines. “In each case listed above, the report result was a breach of personal records, highlighting the value cyber criminals place on personal information.”
Certainly, it is something of an understatement to say that the aviation industry collects sensitive information – this ranges from passenger information including passport details and data about their own employees, as well as sensitive legal and financial information related to purchasing and leasing contracts. Eoghan notes that intellectual property information related to prospective deals, purchase prices, pricing models and matrices is of immense value to would-be hackers.
“The most valuable information in the sector is the price Boeing and Airbus charge for airplanes,” he says.
Among the most significant threats to the aviation industry in terms of cyber security is organised crime. Eoghan points out that aircraft leasing firms make payments for millions of Euro on a regular basis. “Business Email Compromise [BEC] fraud is reasonably easy to prevent but is still one of the most common cyber-enabled frauds,” he explains. “Many businesses do not have the correct email settings in place, enabling cyber criminals to spoof email addresses and initiate successful BEC frauds.”
As geopolitical tensions continue to grow, this could also leave certain airlines vulnerable to a potential cyber-attack.
“Many airline brands are closely associated with their home country, such as Aer Lingus in Ireland and British Airways in the UK and could become a target due to the fallout of the war in Ukraine,” he says. “Disruption to summer holiday plans, and leaving passengers stranded overseas, would result in significant disruption and political pressure.”
There is also an ideological threat, as so-called hacktivists could potentially choose to target airlines and other actors in the aviation industry as a means of protest against its contribution to carbon emissions.
Content adapted from The Irish Times.
Subscribe to receive the latest BDO News and Insights
Please fill out the following form to access the download.