HOW TO OUT SMART THE HACKERS

In the digital age, hacking has become an omnipresent threat to businesses across various industries. From financial institutions to healthcare providers, and yes, even our theme park industry, no sector is immune to the malicious activities of hackers. One recent incident that underscores the severity of this issue occurred recently at Disneyworld, where a disgruntled former employee managed to hack into the park's menu systems, causing significant interference. My editorial explores the implications of such hacking incidents and offers strategies for theme park operators to safeguard their operations.

As we just learned, a fired employee from Disney used their knowledge of the park's digital systems and a password that had not been inactivated to hack into the Food and Beverage menu boards systems of various dining establishments within the park. The hacker manipulated prices, inserted profanities into menu descriptions, and, most alarmingly, altered allergy information, creating potential life-threatening situations for guests with food allergies. This incident highlights not only the potential for financial and reputational damage, but also the very real risk to public safety that can arise from such cyber-attacks. Fortunately, the Disney world organization was able to catch this incident of “hacking” before the person responsible activated the changes to the public.

The consequences of hacking in theme parks extend far beyond financial losses. When hackers tamper with systems that manage customer-facing elements such as menus, rides, and reservation systems, they undermine the trust and safety of visitors. For instance, misrepresented allergy information can lead to severe allergic reactions, damaging the park's reputation and leading to potential legal liabilities. But, hacking can also disrupt park operations by causing system outages on rides and attractions. This can result in significant downtime, during which rides and attractions are inoperable, leading to dissatisfied customers and lost revenue. It can also create safety issues, which as we all know are our highest priority. Safety first, always.

To combat the potential threat of hacking, theme park operators must adopt a multi-faceted approach that encompasses technology, policy, and human resources. Here at ITPS, we have researched this topic, and prepared a few recommendations that can help both large and small attraction operators get a head start on preparing for one of our industry’s most concerning problematic issues we will continually be facing in the future.

First, implementing state-of-the-art cybersecurity infrastructure is essential. It must become a P&L line item. This includes firewalls, encryption, intrusion detection systems, and regular security audits. Employing advanced technologies like AI and machine learning that can help detect and respond to threats in real-time is not cheap, but an absolute necessity.

Also, park operators should consider establishing regular training sessions on cybersecurity best practices with employees, by educating them to recognize and respond to potential threats to management. (This what Disney did, and it paid off). This includes training on password management, phishing attack recognition, and safe internet practices. We are learning this type of information/training is becoming more constantly available and financially justifiable.

Moreover, if not already doing so, it is important to improve access “Control and Monitoring” by trusted individuals. By limiting access to sensitive systems based on job roles and responsibilities, and on seniority, this can highly reduce the risk of internal personnel threats. Where possible, institute continuous monitoring of network activities by key staff.

Next, consider developing a comprehensive incident response plan that the park can quickly and effectively respond to by any discovered hacking attempts. This plan should include steps for early detection in identifying the breach, steps for containing the damage, and eradicating the threat, and what needs to be implemented for recovering from the attack.

Studies have been done specifying that keeping all software and systems up to date with the latest patches (security patches address specific security risks, often by remediating a particular vulnerability) helps close vulnerabilities that hackers might exploit. Automated systems can be used to ensure timely updates.

We suggest contacting a cybersecurity company to discuss the information in this article. Regular assessments by independent cybersecurity experts can help identify and address potential weaknesses in the park's security infrastructure prior to any hack.

The recent hacking incident at Disney serves as a stark reminder of the vulnerabilities that modern businesses face. If it can happen at a Disney facility, it can occur at any of our industry’s facilities.

For theme parks, where customer safety and satisfaction are critical, the stakes are particularly high. By early investment in cybersecurity measures, educating employees, and preparing for potential incidents, theme park operators can protect their guests and their businesses from the widespread threat of hacking.

We are learning daily that cyber threats have serious and costly consequences. We need to be ahead of the hackers, cyberpunks, and hacktivists!

Click here to read more observations.