Securing the Skies: How Hardware-Based Authentication Protects Airlines from Phishing and Cyber Threats

In my latest blog post, I take a close look at the global airline industry. What challenges does it face, particularly with regard to cybersecurity? What solutions are available, and how can airlines use them to improve security and resilience

The airline industry has always been a critical infrastructure sector - but in recent years, it has also become a prime target for cyberattacks. In 2025 alone, cyberattacks on airlines rose by 24% globally, driven by increasingly sophisticated phishing, ransomware, and social engineering campaigns. Airlines store and process immense volumes of passenger data, manage global booking systems, and collaborate with numerous third-party providers - making them high-value targets for threat actors.

The consequences of successful attacks range from disrupted operations and grounded flights to extorted ransom payments and reputational damage. Moreover, the regulatory burden is rising. Airlines must comply with international and regional standards such as ICAO, IATA, ISO/IEC 27001, NIS2, EU GDPR, Germany’s BSI regulations, KRITIS, and TTDSG.

Overall, I identified five ongoing cyber risks that airlines face.

• Phishing and identity theft are at the top of the list: Attackers pose as employees or third parties to gain unauthorized access.
• Misuse of loyalty programs: Reward accounts are misused for fraud and identity theft.
• Manipulation of bookings and check-ins: Fake login credentials and lateral movements threaten critical IT systems.
• Vulnerabilities in suppliers: Outsourced call centers and support systems often serve as weak entry points.
• The complexity of physical and digital access: Employees work across multiple access levels, systems, and locations.

In the light of the increasing regulatory pressure - from ICAO and IATA to NIS2 and EU GDPR - airlines must ensure secure authentication across all endpoints without adding complexity.

The global airline industry is facing its greatest challenge in the form of phishing. As demonstrated by the recent case involving Quantas, phishing campaigns have a significant impact on reliability and smooth operations.

1. Employee credentials and privileges: attackers test help-desk staff via fake calls or emails (“vishing”), impersonating staff or contractors to bypass MFA.

2. Third-party / vendor systems: attackers often breach airline partners (e.g., call-center platforms) to circumvent internal security, as demonstrated by the Qantas breach.

3. Passenger data: names, emails, phones, date of birth’s, frequent flyer info are commonly stolen for fraud or resale.

4. Loyalty accounts & booking systems - fraudsters aim to hijack loyalty points, manipulate bookings, or test payment flows.

5. Operational systems - phishing might be a precursor to ransomware or sabotage, targeting scheduling, check-in, or IoT infrastructure.

Swissbit’s iShield Key 2 offers a robust, all-in-one security solution that enables seamless and certified access control.

• Supports FIDO2, PKI, and OTP applications - ideal for hybrid IT environments.
• Enables passwordless login and secure device access in one compact device.

• Combines digital and physical authentication via smartcard chip.
• Supports HID, MIFARE, and LEGIC protocols - compatible with all major building access systems.

• FIPS 140-3 Level 3 and CC EAL6+ certification ensure the highest security levels.
• Designed for harsh environments, including airline maintenance zones where smartphones are prohibited.

• Plug-and-play functionality with existing IT infrastructures.
• Remote update capability ensures up-to-date protocol security.

• Reduces support costs, device management overhead, and phishing-related incidents.
• Combines multiple authentication use cases into one device, simplifying logistics and training.

By combining physical and digital authentication into a single device, companies can reduce complexity and save on device management and support efforts.

• Securing access to passenger data
• Protecting loyalty programs
• Booking & check-in system integrity
• Secure access for employees & vendors
• Third-party data exchange

The positive effects of integrating iShield Key 2 into airlines IT security infrastructures on their economic success are obvious and convincing.

• Prevents identity theft and data leaks
• Blocks faud and abuse of reward points
• Ensures operational continuity and prevents tampering
• Enables controlled access to digital and physical spaces
• Ensures authenticity of external system connections

In summary, reducing security incidents by eliminating password-related vulnerabilities reduces operating costs by providing uniform management of access devices and minimizing IT support costs through simplified authentication processes. These benefits are complemented by compliance with global requirements and avoidance of penalties for regulatory violations.

According to the HYPR 2025 State of Passwordless Identity Assurance Report, hardware authentication devices and FIDO passkeys are expected to become the global gold standard by 2027. Swissbit’s iShield Key 2 is already delivering on that vision - today.

The Swissbit iShield Key 2 is essential for ensuring secure, compliant, and efficient airline operations. As attack surfaces increase and regulations become stricter, airline operators must deploy reliable, integrated solutions that protect people, employees, and data.

The iShield Key 2 series allows airlines to lead this transformation and ensures they are prepared for a passwordless future. With Swissbit, you gain a trusted European partner to accompany you on your digital transformation journey.