Aviation Business News

Comment: How airlines can safeguard their vital technology systems against cybersecurity risks

Andrii Paramonov, Aviation Team Lead at Sigma Software Group, provides advice about how airlines can avoid a repeat of the recent high-profile cyberattacks on the industry

The airline industry sits at the crossroads of technology and transportation, relying on digital systems for smooth passenger experiences and efficient operations.

Software plays a key role in everything from ticketing and in-flight entertainment to airline operational activities.

However, this reliance brings significant cybersecurity risks, making airlines prime targets for cyberattacks.

In this article, we’ll explore high-profile incidents, identify common vulnerabilities, and outline effective strategies to strengthen cybersecurity across the sector.

A Closer Look at Major Aviation Security Incidents

Recent cybersecurity breaches at major airlines have raised a crucial question: are these isolated events, or do they point to a larger, systemic issue?

Let’s examine the most significant cases, identify key patterns, and uncover the common root cause.

Air India Data Breach

In March 2021, Air India, India’s flagship airline, suffered a major data breach due to a security vulnerability at its Passenger Service System (PSS) provider, SITA.

Hackers exploited weaknesses in SITA’s centralised systems, gaining access to sensitive data such as names, passport numbers, ticket details, and frequent flyer information of 4.5 million passengers.

This breach highlighted the risks associated with third-party providers handling sensitive airline data, emphasising the need for stronger security protocols.

Airlines using similar PSS frameworks also faced greater regulatory scrutiny as a result.

EasyJet Data Leakage

In May 2020, EasyJet revealed a data breach affecting nine million customers, with hackers accessing travel details and email addresses.

While the airline called the attack “highly sophisticated,” such breaches often exploit API vulnerabilities, outdated software, or a lack of proper monitoring of external systems.

EasyJet faced legal challenges, regulatory investigations, and incurred costs for incident response and enhanced cybersecurity measures.

The breach also underscored the security risks associated with integrating APIs with third-party systems.

Cathay Pacific Data Breach

In October 2018, Cathay Pacific experienced a prolonged data breach that went undetected for four years.

Attackers exploited unpatched vulnerabilities in legacy systems and poor network segmentation to access personal data.

Over several years, they collected information on 9.4 million passengers, including names, nationalities, travel histories, and passport numbers.

The breach resulted in hefty fines and significant reputational damage. It also triggered greater scrutiny of legacy systems and encouraged many airlines to speed up their digital transformation efforts.

British Airways Magecart Attack

In August 2018, British Airways fell victim to a Magecart attack, a form of web skimming where malicious JavaScript was injected into its website and mobile app.

The attackers exploited outdated third-party libraries on BA’s online payment page, skimming personal and payment card data from over 380,000 customers.

The breach led to a £20 million GDPR fine, eroded customer trust, and sparked calls for better protection of online payment systems.

British Airways was forced to overhaul its security protocols significantly in response.

Shared Vulnerability Pattern

Airline companies often struggle to keep their software systems fully up to date.

Over time, their IT infrastructures have become more complex, incorporating various third-party components.

While these additions have expanded services, the complexity can delay necessary updates and patches.

This reliance on legacy, unpatched systems creates significant exposure to cyber threats.

As seen in the cases above, attackers often exploit outdated systems or third-party libraries, resulting in financial losses and reputational damage.

In the next section, we’ll offer actionable suggestions on strengthening cybersecurity to prevent such breaches.

SAST, SCA & SBOMs as Key Components of Airlines’ Security for the Future

As IT ecosystems evolve and some dependencies remain outdated, new vulnerabilities emerge within components, which then become prime targets for cyberattacks.

This highlights the critical need for continuous software maintenance and proactive security measures to ensure these complex systems stay resilient against modern threats.

A solid understanding of your ecosystem is the foundation of strong cybersecurity.

Protection begins with knowing every aspect of your IT environment and its vulnerabilities, allowing you to pre-empt breaches and quickly respond to new threats.

Based on proven security strategies from the airline industry, we’ve developed a set of best practices to help you maintain and strengthen your cybersecurity:

  • Establishing Secure Coding Principles and Adopting Static Application Security Testing (SAST):

This strategy helps identify vulnerabilities in source code early in the development phase, reducing risks and costs compared to addressing issues after deployment.

SAST can also be applied at later stages, where it still helps to update vulnerable parts of the code; SAST results are part of the report we share with customers who have already implemented projects.

  • Regular Audits and Updates of External Dependencies Using Software Composition Analysis (SCA):

Regularly auditing and updating your software ecosystem is crucial for maintaining security and minimising risks from outdated or untrusted components.

  • Implementing Vendor Management Policies with a Software Bill of Materials (SBOM) Requirement:

By ensuring detailed inventories of all software components and third-party dependencies, you can quickly address potential issues and ensure better control over third-party applications.
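
As an added illustration of the SCA and SBOM practices above (not code from the author or Sigma Software Group), the following Python example audits a vendor-supplied SBOM against an advisory list. The component names, advisory IDs and versions are constructed, and the CycloneDX-style JSON layout and dotted numeric version scheme are assumptions.

```python
import json

# Constructed sample: a minimal CycloneDX-style SBOM as a vendor might supply it.
SBOM_JSON = """{
  "bomFormat": "CycloneDX", "specVersion": "1.5",
  "components": [
    {"type": "library", "name": "payment-widget", "version": "2.3.1"},
    {"type": "library", "name": "xml-parser", "version": "4.10.0"},
    {"type": "library", "name": "legacy-auth", "version": "1.0-beta"},
    {"type": "library", "name": "seat-map-ui"}
  ]
}"""

# Constructed advisory list (hypothetical IDs): component -> (advisory, first fixed version).
ADVISORIES = {
    "payment-widget": ("EXAMPLE-ADV-001", "2.4.0"),
    "xml-parser": ("EXAMPLE-ADV-002", "4.9.2"),
    "legacy-auth": ("EXAMPLE-ADV-003", "1.2.0"),
}

def parse_version(text):
    """Return a tuple of ints for dotted numeric versions, else None."""
    parts = text.split(".")
    if not all(p.isdecimal() for p in parts):
        return None
    return tuple(int(p) for p in parts)

def audit_sbom(sbom_text, advisories):
    """Classify each SBOM component as vulnerable, needing review, or incomplete."""
    sbom = json.loads(sbom_text)
    report = {"vulnerable": [], "review": [], "incomplete": []}
    for comp in sbom.get("components", []):
        name, version = comp.get("name"), comp.get("version")
        if not name or not version:
            report["incomplete"].append(name or "<unnamed>")  # inventory gap
            continue
        if name not in advisories:
            continue
        advisory_id, fixed_in = advisories[name]
        have, fixed = parse_version(version), parse_version(fixed_in)
        if have is None or fixed is None:
            report["review"].append((name, version, advisory_id))  # cannot compare
        elif have < fixed:  # numeric compare, so 4.10.0 is newer than 4.9.2
            report["vulnerable"].append((name, version, advisory_id))
    return report

if __name__ == "__main__":
    print(json.dumps(audit_sbom(SBOM_JSON, ADVISORIES), indent=2))
```

Components with no version are reported separately because an SBOM entry that cannot be matched against advisories is itself a gap to raise with the vendor.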

As outdated dependencies create opportunities for emerging security breaches, addressing these risks requires a proactive, comprehensive security strategy.

By leveraging SAST, SCA, and SBOM best practices, organisations can continuously identify and fix potential threats, ensuring critical systems remain resilient against evolving cyberattacks.

In an industry where software drives almost every operation, true cybersecurity starts with a deep understanding of your IT ecosystem.

High-profile breaches show that outdated systems and overlooked dependencies can create significant risks.

By gaining a thorough understanding of your system, you can take proactive actions and introduce security measures that prevent vulnerabilities from becoming threats.

About the author

Andrii Paramonov, aviation team lead at Sigma Software Group

IBM Certified Deployment Professional. Andrii has over 11 years of experience in software engineering, the last 8 of which he has dedicated to aviation industry-leading products.

Having a deep understanding of key cybersecurity aspects and the importance of the ITIL processes, Andrii Paramonov utilizes them throughout SDLC to ensure that delivered solutions are of exceptional quality and comply with security best practices.
