Industries

Hospitality

Hospitality is systematically attacked through its service culture. The same help desks trained to be responsive are the same help desks Scattered Spider calls. One 10-minute phone call cost MGM $100M. Aktoh deploys autonomous AI defense for hotel operators.

$100M

MGM Resorts losses from a 9-day ransomware attack triggered by a single 10-minute help desk phone call

MGM Q3 2023 Earnings

437K

Hotel guest records exposed in the Otelier platform breach affecting Marriott, Hilton, and Hyatt simultaneously

HaveIBeenPwned / Infosecurity Magazine 2024

$3.86M

Average cost of a hospitality data breach in 2024

IBM Cost of a Data Breach Report 2024

A Letter to Hospitality Leaders

— James Spitler, Founder & CEO, Aktoh Cyber

The same threat group worked through Las Vegas casino operators like a checklist: Caesars paid ~$15M ransom in August 2023. MGM refused to pay and absorbed $100M in losses over 9 days. Boyd Gaming and Wynn Resorts were hit in September 2025. The entry point at MGM: a 10-minute phone call to the IT help desk. That is the culture paradox of hospitality: the service-first instinct that makes guest experiences exceptional is the same instinct that makes help desks exploitable. The Otelier platform breach exposed guest data across 10,000+ properties at Marriott, Hilton, and Hyatt simultaneously — through a single vendor relationship. Aktoh deploys deception technology that turns hospitality's interconnected architecture into a detection advantage.

Help Desk & Vishing Defense

Scattered Spider TTP Protection

AI-powered detection of social engineering attacks targeting hotel help desks. Stop the Scattered Spider playbook before a 10-minute call becomes a $100M loss.

Guest & Property Data Deception

Sleight Platform

Decoy guest records, phantom reservation systems, and honeypot loyalty program data. Attackers targeting guest data hit tripwires before reaching real records.

24/7 Autonomous Detection

Horsemen Platform

Continuous behavioral monitoring across PMS, POS, reservation, and loyalty platforms. Detect anomalous credential use and lateral movement in hours, not 9 days.

Third-Party Platform & Vendor Security

Otelier Model Protection

Monitor every third-party platform with guest data access. One vendor's breach shouldn't become your brand's breach notification.

Ransomware Prevention

Hypervisor-Level Protection

Detect ransomware staging before deployment reaches hypervisors and virtualization infrastructure — stopping simultaneous system encryption before it starts.

Guest Data & Compliance

FTC, PCI DSS, GDPR Alignment

Map your security posture against FTC enforcement standards, PCI DSS requirements, and GDPR obligations. Documented evidence before the breach, not after.