Connecting the World Through Technology and Hospitality

With Abnormal automatically handling advanced email threats, Choice Hotels now uses its time to fortify the entire hospitality cybersecurity space.

Company Overview

Industry: Hospitality
Rockport, MD
Protected Mailboxes:

Security Environment

BEC Threatens Hospitality Brands

Business email compromise attacks impersonate executives, clients, vendors, or coworkers to bypass legacy tools and reach inboxes. The RH-ISAC 2021 CISO Benchmark Report Summary found that nearly 25% of its members faced risks related to phishing, BEC, malware, and other email threats.

Abnormal protects Choice Hotels from these advanced email threats to their data, operations, and reputation.

Advanced Threats Bypassing Two Secure Email Gateways

Choice Hotels aims to connect the world through the power of hospitality. As one of the world’s largest lodging franchisors, the company is known for its 7,100 hotels under multiple brand names across upscale, boutique, and economy properties. Connecting that ecosystem and its customers requires modern security for a vast and always-growing email attack surface.

Although Choice doesn’t operate the locations, the company is responsible for protecting the data of 50 million loyalty members and other guests, according to Jason Stead. Stead is the CISO of Choice Hotels and a director on the board of RH-ISAC, the retail and hospitality cybersecurity group.

“Hospitality is a highly targeted industry because hotels have troves of guest data that is of interest to nation-state actors and financially-motivated criminals,” Stead said. In fact, the industry culture seems tailor-made for social engineering. “Hospitality is welcoming and helpful. That’s exactly what phishers are looking for—people willing to do whatever it takes to provide great service.” And unfortunately, attackers don’t stop with frontline employees either. “Last year, several of our top leaders were continually targeted. The attacks required time and effort from my operations team to remediate those situations,” explained Stead.

Even with two secure email gateways deployed, advanced threats were appearing in inboxes. In many of these cases, cybercriminals exploited more than 120 of the company’s vendors to attempt phishing and invoice and payroll fraud.

“We employed two SEG solutions in sequence, and that still wasn’t solving our email security problems. Abnormal frees us from inbox cleanup, so we can proactively identify and address other security threats before they become problems.”
—Jason Stead, CISO

Choice Hotels Needed to Stop Advanced Email Threats Bypassing Their SEGs

Stead hoped Abnormal could prevent what the company’s SEGs and people couldn’t catch. “We train our people to identify these threats and to respond,” Stead said. “But not everybody will consistently follow through. Frankly, it’s easy for anybody to fall victim to these scams.”

Integrating Abnormal with Microsoft 365 was simple. “We set up an account in less than five minutes and walked out of the proof of value (POV) meeting with the tools to manage and own the solution,” said Jason Simpson, Vice President, Engineering. The Abnormal behavioral AI-based detection engine started delivering results soon after the POV began.

“It was great,” Stead added. “The Abnormal team alerted us when our leaders or employees were about to fall victim to an advanced email threat so we could proactively prevent it. Even though we were still in monitor-only mode, their direct support allowed us to mitigate those attacks in real time.”

Rapid Results in Detecting BEC, Phishing, and Supply Chain Fraud

Among the threats Abnormal quickly detected was a BEC email urging an employee to purchase gift cards for them, a common ploy in these attacks. “An employee had engaged with that bad actor via that email,” Stead said. “We were able to stop the employee before they went to the store to buy the gift cards and send the information to the bad actor.”

Abnormal’s AI-driven behavioral benchmarking also detects phishing and vendor email compromise attacks that appear to come from trusted senders. “Abnormal detected potential wire fraud emails reaching our people who process wire transfers, so we were able to prevent those transactions,” Stead said.

Stead recognized that one attack that Abnormal detected was likely targeting other hotel chains, too. “We were able to share that intelligence with one of our competitors to help them identify and mitigate it before something bad happened,” he said.

By working in the background, quickly detecting threats, and enabling intelligence sharing, “Abnormal delivered the fastest POV time-to-value, by far, that I’ve ever seen,” said Simpson.

Choice Hotels Statistics

More Time and Resources for Proactive Security Management and Education

Because Abnormal is simple to maintain, the Choice Hotels team spends minimal time tuning the product. Its AI and ML features automatically adjust against the baseline of known good activity. “The result is that there have been no issues with Abnormal,” Stead said. There’s also time saved on awkward conversations when a phishing email appears to come from a franchisee, vendor, or customer. “In the past, we would have to contact them to evaluate where it came from, but now those emails never land in the inbox,” Stead said.

In its first year, Abnormal reduced SOC response efforts by 36% from March through May during the company’s busiest season for email activity and threats. “That freed my team to spend more time on threat intelligence gathering and threat hunting,” Stead said.

They also have more resources for awareness training. Abnormal’s dashboard provides real social engineering attacks they can analyze and use for education. “Abnormal gives us a robust suite of phishing examples that we can use to train our employees, and it’s not just about training them for their corporate world, but also for their home lives,” Stead said.

“Overall, Abnormal has been so effective that we’re moving toward eliminating at least one of our secure email gateway solutions,” Stead added.

“During our peak threat season, we experienced a 36% reduction in response efforts to email threats that make it past our SEGs. Because of Abnormal, our busiest months this year have required less response work than our quietest months last year.”
—Jason Stead, CISO

Abnormal Helps Choice Hotels Strengthen Internal and Industry Email Security

With Abnormal automatically handling advanced email threats, Choice Hotels uses the time it previously spent on reactive security responses to proactively identify threats, provide more realistic awareness training, and fortify the hospitality cybersecurity space.

“Our goal is to create enough friction so that threat actors go somewhere else,” Stead said. “What we’re doing now, especially with Abnormal and RH-ISAC, is banding together to uplift the entire industry.”

Let us show you how Abnormal can help keep your organization safe from advanced email attacks. Request a demo today!

Connecting the World Through Technology and Hospitality

See Abnormal in Action

Schedule a Demo

See the Abnormal Solution to the Email Security Problem

Protect your organization from the full spectrum of email attacks with Abnormal.

See a Demo
Integrates Insights Reporting 09 08 22

Related Resources

B 5 15 23 Saskatoon PS
Saskatchewan’s largest school division uses Abnormal to detect and auto-remediate advanced attacks, reclaim time, and save money.
Read More
B CISO Fireside Chat OD Webinar
Cybersecurity leaders from Rubrik, Noname, Wiz, and Abnormal Security share their experiences and insights in this on-demand CISO fireside chat.
Watch Now
B 1500x1500 Rubicon Case Study L1 R1
Abnormal has eliminated the waste of reviewing copious email alerts and false positives, allowing the Rubicon team to focus on more strategic initiatives.
Read More
B TAG Cyber Buyers Guide
Download the buyer's guide for valuable advice on effectively securing cloud email environments and choosing the right cloud email security solutions provider.
Download Now
B Video Redefining Cloud Email Security
Abnormal's Head of Marketing, Arun Singh, explores the new solutions and strategies needed for the detection of and defense against advanced email attacks.
Watch Now
B 1 05 22 VBCPS
With a small team, complex challenges, & limited resources, Virginia Beach City Public Schools needed better security tools. Learn why they chose Abnormal.
Read More
B 04 20 23 Gartner report
Abnormal’s fundamentally different approach to cloud email security provides the best protection against existing and emerging attack techniques.
Read More
B Securing Cloud Email Video
Abnormal Security's CISO, Mike Britton, shares how enterprises can protect their cloud email environments from inbound attacks and email platform attacks.
Watch Now
B Abnormal for K 12 Education
Schools are increasingly popular targets for advanced email attacks. See how Abnormal blocks these threats.
Read More