Air Transport Publications
Contact
Login   |   Register
jobs Jobs
events Events
bookmarks
My bookmarks
feature_main_image
Airlines

Technology migration

Cyber security, business intelligence, flight and revenue management systems are considered as some of the priority IT investments for airlines today. Keith Mwanalushi highlights some recent developments
 

In the last 18 months or so, the airline industry has seen a surge in investment towards IT infrastructure. The industry has also been blighted by some serious IT issues. From big application failures causing flights to be cancelled, to colossal data breaches that have affected thousands of air travellers.

Data breach should be a wake up call


British Airways (BA) and Cathay Pacific are just two examples of recent victims of data breaches. Airlines have a duty to keep the planes in the air, and the majority of investment goes into that. However, recent outages show investment should also be directed at technology. As airlines become ever more dependent on software, this creates a greater surface for hackers to attack, and so it is no surprise that breaches of this scale are becoming commonplace.


Using the latest BA data breach revelation as an example, Director at CA Veracode, Paul Farrington, discusses that these breaches could suggest a lack of focus from airlines. Is it possible that airlines are investing too much in keeping their aircrafts in the sky, as opposed to guarding passenger data on the ground, in their own IT systems?


“It’s disheartening but not surprising that hackers exploited British Airways again. As the amount of personal data held by organisations continues to grow, hackers are finding more sophisticated ways to gain access to this data and use it to make a profit. Application security is a $3 billion market and climbing, because applications are vulnerable to attack and are one of the top weaknesses hackers look to exploit.”


The plethora of data breaches witnessed over the past year has been remarkable, with British Airways reporting two separate hacks, with it being announced that the data hack was more far-reaching that initially suspected. Russian airline, Aeroflot, reported a docker registry vulnerability to the public internet back in September this year, and, of course, not forgetting the very recent Cathay Pacific data breach of which around 9.4 million passengers of Cathay and its unit Hong Kong Dragon Airlines Limited had been accessed without authorisation. This included 860,000 passport numbers, about 245,000 Hong Kong identity card numbers, 403 expired credit card numbers and 27 credit card numbers with no card verification value.


Although there has been some improvement, organisations need to fix bugs much faster, stated Farrington. “From our State of Software Security Report (SoSS), the research showed more than 70% of all software flaws remained one month after discovery, and nearly 55% remained three months after discovery.


“As businesses become more dependent on web apps, not fixing bugs quickly creates a greater attack surface. In addition, developers are using open source components for a majority of their code, gaining speed but increasing risk if vulnerabilities are not accounted for,” he warned.


In such cases, travellers tend to have the right to be angry. Farrington advises that if organisations want to avoid becoming the next victim of a breach, it is crucial that they take significant steps to secure their software quickly to ensure that they are doing the utmost to protect data privacy. >>

 


To download the PDF file for this article, you have to pay the amount by pressing the PayPal button below!


Filename: Technology migration .pdf
Price: £10

Contact our team for more information!


The Airlines channel

Industry blog
Highlights from the Cabin Refurbishment & Repair Conference
Jobs
Events

Comments

You must be logged in to post a comment.

Please login or sign up for a free account.

Disclaimer text: The views expressed in the above comments do not necessarily express the views of Air Transport Publications Ltd. or any of its publications.