Cybersecurity is becoming increasingly complex in the restaurant industry. Attackers are no longer relying on traditional hacking methods—they’re leveraging AI, social engineering, and even loyalty programs to gain access to sensitive data. At a recent session, Joseph Frisk, VP and CISO at Dine Brands, and Marcus Wasdin, Restaurant Technology Network Board of Governors, shared insights on the evolving threat landscape and how restaurant IT teams can better protect their organizations.
Key Takeaways for Restaurant Technologists
1. Cybercrime Goes Beyond IT—It’s a Human Problem
Cybersecurity threats are no longer limited to IT infrastructure. Fake job postings, impersonation scams, and fraud tactics are increasingly used to target employees. Attackers gather personal and company information through deceptive interviews and phishing attempts, exploiting human error rather than technical vulnerabilities.
➡ Why it matters: Restaurant IT leaders must expand their security efforts beyond traditional network defenses, educating employees on recognizing social engineering tactics and fraud schemes.
2. Loyalty Programs Are a Prime Target for Cybercriminals
With millions of members enrolled in restaurant loyalty programs, these systems have become a lucrative target for fraudsters. Attackers often exploit promotions and redemption features, particularly after marketing events, to steal points or access customer data.
➡ Why it matters: IT teams must find ways to secure loyalty programs without adding excessive friction for customers. Balancing security with a seamless user experience is crucial to preventing fraud while maintaining guest engagement.
3. AI Is a Double-Edged Sword
Artificial intelligence is reshaping cybersecurity, both as a defense tool and a weapon for bad actors. AI enables faster data analysis and automated risk detection, but it also allows cybercriminals to scale their attacks, automate phishing campaigns, and exploit vulnerabilities more efficiently.
➡ Why it matters: Restaurant IT teams must be cautious about how AI interacts with company data and ensure proper security measures are in place to prevent unauthorized access or misuse.
4. Cybercriminals Are Moving Faster Than Ever
Cyberattacks are becoming more automated, with bad actors exploiting new vulnerabilities in a matter of days or even hours. Frisk noted that once a security flaw is identified, attackers can scale their efforts rapidly, making swift detection and response critical.
➡ Why it matters: IT teams must invest in real-time monitoring tools and proactive threat detection to respond quickly to emerging cyber risks.
5. Even Small Security Gaps Can Have Big Consequences
Seemingly minor oversights—such as misconfigured AI tools or poorly secured third-party integrations—can expose sensitive data. Enabling AI-powered features without careful review can inadvertently grant access to critical company information.
➡ Why it matters: Restaurant technology teams should regularly audit AI and automation tools, ensuring they don’t introduce hidden security risks.
6. The Future of Cybersecurity: Preparing for What’s Next
Frisk urged IT leaders to think ahead—particularly when it comes to post-quantum cryptography (PQC). Cybercriminals are already harvesting encrypted data with the expectation that future advancements will allow them to decrypt it later.
➡ Why it matters: Restaurant IT teams should begin assessing how their data is stored and protected, ensuring long-term security strategies are in place for evolving threats.
Final Thoughts
Cybersecurity is no longer just an IT issue—it’s a business-wide challenge that requires ongoing education, strategic planning, and adaptive technology. As attackers become more sophisticated, restaurant technologists must stay ahead by implementing proactive defenses, educating staff, and balancing security with a seamless guest experience.
