What do you see when you look around an airport? Your first impression might be of the people. Yes, humans are an essential factor in aviation. In fact, everything from the initial aircraft designs or an airport’s architecture through to manufacturing and logistics is reliant on the human factor. 

Many of those very same factors, however, are easily exploited, as aviation personnel are also responsible for opening many doors to cyber criminals, who thrive on making this critical sector fly according to their own wishes. 

As part of celebrating International Civil Aviation Day (December 7th), let’s explore how this can be addressed, first and foremost, with a prevention-first approach that pays close attention to human factors and focuses on building systems and processes that anticipate mistakes, minimize their impact, and strengthen recovery capabilities.

Key points of this article:

  • Between airports, airlines, and aircraft stands a human factor that enables their smooth operation but can also cause costly disruptions.
  • Faulty cybersecurity updates, phished employee credentials, or deliberate attacks can amount to hundreds of millions in losses per airline per incident.
  • With IT costs being similar to or higher than yearly aircraft maintenance, and even some aspects of R&D, implementing robust cybersecurity focused on AI, automation, and human-error prevention is a must to lower risk exposure and breach costs within this critical infrastructure.

The human side of aviation

Did you know that most breaches start with a click? Yes, human error, reportedly behind 60% of breaches recorded by Verizon, is the key item security personnel at human-powered facilities should be firmly aware of. The compromise of a single employee’s account can put critical aviation systems (such as flight scheduling) and data (of customers, for instance) at risk. 

A great example of this is the 2024 Seattle-Tacoma International Airport breach by the Rhysida ransomware group. That threat group commonly abuses stolen employee credentials to bypass perimeter defenses such as VPNs, which in the case of this airport resulted in a significant disruption of its operations as well as a major data leak.

Likewise, in 2023, ESET Research reported on the Lazarus threat group targeting an aerospace company in Spain through its employees, obtaining initial access to the company’s network after a successful spearphishing campaign by masquerading as recruiters for Meta. The greatest enabler of this campaign was the fact that the victims were using corporate computers for personal purposes, creating an easily exploitable opening to company systems.

A costly endeavor

When a typical U.S. airline’s annual expenses come in at around $27 billion, with about $1.3 billion spent just on maintenance, one wonders what the spend on preventing human-enabled cyberattacks might be. If we assume that IT-related maintenance (avionics software updates, cybersecurity monitoring, data systems) accounts for a little less than 10% of the overall maintenance budget, the high-side estimate to stay secure maxes out at $130 million per year [1]. Or does it?

In 2023, Southwest Airlines allocated as much as $1.3 billion of its operating budget to IT upgrades following a holiday meltdown in 2022, in part due to changes to its staff scheduling computer systems, which resulted in a $1.1 billion loss. The same company experienced a much smaller scale disruption in 2023 due to a firewall issue, leading to loss of operational data, which resulted in flight delays.

On that same note, sometimes, the cause doesn’t even need to be an internal employee-enabled cyberattack; it could stem from an external partner. In July 2024, a faulty cybersecurity update caused systemic global interference in airport operations. Around the world, 4.6% of all scheduled flights were cancelled, including in busy places such as London Heathrow or Hong Kong International, and staff were forced to “go manual” in some of their operations. Based on one airline’s estimate, they accumulated a loss of at least $500 million as a result.

It's only human…sometimes

The previous stories are significant since the degree to which aviation is digitized has grown to the tune of $37 billion, a considerable IT spend overall, and one with expected expenditure growth in the coming years. Currently, for North American airlines, the top tech priorities are data analysis, AI implementation, and cybersecurity.

Within the latter, emphasis is placed on:

  • AI/ML for threat detection and analysis
  • Extended Detection and Response (XDR)
  • Zero Trust Architecture 
  • SOC implementation

The AI focus is especially unsurprising seeing as it’s been deemed highly impactful in bringing the global average breach costs down by 9% to $4.44 million.

That may sound like a bunch of techno-jumbo, but in lay terms, airlines are seeking efficient automation with added security, because the most common breach vectors are phishing, malicious insiders, compromised credentials, and supply-chain compromise. All are human-centered in one way or another.

Furthermore, the selfsame technological mandate responsible for delaying the inevitability of human-centric attacks is also critical to safeguard aviation technologies. If a cybersecurity consultant can allegedly hack into in-flight aircraft computer systems for demonstrative purposes, imagine what malicious actors could do.

Soaring high

When you’ve got threat groups like Rhysida and Lazarus deliberately targeting airlines, the time for more resilience is now or never. 

The ground rules for alleviating human-enabled attacks in aviation should be:

  • Automation: Security solutions with AI/ML-enabled detection engines are primed to detect unscrupulous behavior before a human security engineer could. Errant emails, surreptitious behavior, or tailor-made malware for aviation systems should be more easily picked up by learned threat engines.

A word about automation

Usually, there’s no explanation of what automation covers in the security context. There’s a good reason why — it’s difficult to ascertain, as it depends on a particular product’s functionality. For instance, with Extended Detection and Response (XDR), you get an AI-powered detection engine that can more easily correlate telemetry, malicious samples, and TTPs with the MITRE knowledgebase.

On the other hand, automation could also be discussed within the context of it making certain mundane tasks more efficient, from security orchestration, through reporting, to remote monitoring and management. Remember to always check for what your use-case might be and seek automation accordingly. 

  • Beneficial integrations: No security platform can cover the entire threat surface alone. Regional or even larger airlines would do well by connecting their various security solutions through open platforms that combine the most appropriate functions in an easily digestible and yet multifaceted response-enabled view.
  • Threat intelligence: It’s no surprise that threat intelligence is an unbelievably powerful tool when combined with the right integration (including human prowess), delivering up-to-date data for a quicker threat response. It effectively bridges the gap between what you know (at the time) and what you see (in your detection dashboard, for example).
  • Mail security: The more layers, the better. Mail security should cover cloud-based apps as well as local servers for those companies that are more protective of their messages. Remember, the security fail is not that a pilot, flight attendant, or air traffic controller clicked on a phishing email — it’s the fact that it got into their inbox at all.
  • Awareness: A rather powerful medicine to heal human error is cyber awareness training. These trainings improve resilience with just a few clicks, leading to a proactive posture preventing incidents in the long term.
  • Managed Detection and Response (MDR): Ultimately, the key is to stay secure 24/7. Only through continuous monitoring enabled by multilayered technology and human expertise can aviation stay protected against threats like spearphishing or ransomware that can cripple entire airports.

Beyond these, solutions in use by other critical infrastructure sectors, such as proprietary security tech designed with one’s needs in mind, are another road to higher resilience.

Safe landing

Humans will remain a constant in the transport industry. For aviation, the goal is to enhance resilience by factoring in human error and malicious ingenuity, which can unfold into very costly incidents and persistent shutdowns of airport operations.

Prevention should focus on building systems and processes that anticipate mistakes, minimize their impact, and strengthen recovery capabilities — through automation, better training, decision-support tools, and layered security.


Additional references:

1) Finnair Oyj. (2024). Annual report 2024. https://investors.finnair.com/files/documents/finnair-annual-report-2024.pdf, Accessed: 03.09.2025. This report details a typical regional airline’s spending, like Finnair’s IT spend of €121.7 million for 2024.