If you fly through airports regularly, you likely think they are among the safest places in the world. Just to get on a plane, you need to go through several lines where your personal identification and personal belongings are closely scrutinized by airline employees and security personnel. Such measures are essential when considering the safety of passengers and airport employees as well as the security of airports and airplanes at large.


One important aspect of airport security is often omitted from security discussions. All airports have information technology networks and WIFI networks where our personal information is stored and transferred during our time at an airport, making digital security a crucial element.


A study on IT security at 100 of the world’s busiest airports shows that many of the world’s busiest travel hubs are very unsafe when it comes to data security. A recent study conducted by ImmuniWeb, a digital security firm, indicates that 66 of 100 airports studied were potentially exposed to bad actors operating on the Dark Web.


In their study, ImmuniWeb inspected the world’s busiest 100 airports to identify what indicators make for an unsafe airport.


Airport Exposure to The Dark Web

Of the 100 airports that ImmuniWeb studied, 97 of them have problems with their digital security systems that could be exposed and infiltrated by hackers operating within the Dark Web’s lucrative information-for-cash economy. According to ImmuniWeb, terrorists, criminals, and hackers trade sensitive personal information and log-in credentials in Dark Web marketplaces. Stolen information can be used to steal identities, make fraudulent purchases, or make larger threats to infrastructures and established organizations.


Where Airport Security Teams Need to Improve

It’s clear that security in airports doesn’t just involve scanning for physical threats. Airports are vulnerable to security breaches in a digital sense, as well.

ImmuniWeb’s research shows that over 75% of airport websites are not compliant with Europe’s General Data Protection Regulation, which determines how companies in the European Union must protect and regulate information that is accessed via information technology systems.

Airport websites that do not comply with this regulation run the risk of accidentally exposing personal information and financial details of all employees, customers, and contractors who are accessing their data on the network. This lack of personal data regulation is a great indicator of an unsafe airport.


Lack of Encryption in Airports

Just as disturbing, ImmuniWeb reports that nearly 1/4 of airports have no SSL encryption or use obsolete encryption software. These days, utilizing SSL encryption is a no-brainer when it comes to data protection in public spaces. The fact that a notable amount of the world’s busiest air hubs do not use encryption for data protection is troubling, and integrating more efforts to encrypt data in airports could solve a number of data security issues.


Cloud Storage at Airports

Not only is adequate encryption lacking at airports around the world, but many airports are also susceptible to having their cloud storage systems hacked. ImmuniWeb’s in-depth research shows that 3 of the 100 airports studied had folders in their cloud computing system that were publicly accessible. Unfortunately, these accessible folders contained personally sensitive information. A lack of security surrounding even the private folders in their cloud computing systems could make it easy for hackers to access sensitive information, as well.

Kelly Hoggan Aviation Security Footer