The Lessons to Learn from Latest Airport Cyber Attacks

A coordinated cyber attack struck Heathrow, Brussels and Berlin airports
European airport cyberattacks expose critical infrastructure vulnerabilities as Tenable, KnowBe4 and Keeper Security experts warn of supply chain risks

Flight cancellations and lengthy delays have struck Heathrow, Brussels and Berlin airports amid a coordinated cyberattack, prompting cybersecurity experts to warn of the cascading risks created when attackers target shared infrastructure.

“This is a live and developing situation so the full details of the exact nature of the disruption are not yet known,” says Bernard Montel, EMEA Technical Director and Security Strategist at Tenable. “That said, the fact that multiple international airports are impacted serves as a sharp reminder of the profound risks that vulnerabilities and insecure configurations in third-party systems can create.”

The attack shows how quickly digital threats can paralyse critical operations when they target the shared systems that underpin modern aviation, forcing airlines and airport operators to scramble for solutions whilst investigating what had been compromised.

Tenable: Disruption linked to NIS2 concerns

The timing coincides with European companies preparing for enhanced cybersecurity requirements under the updated NIS2 Directive. Bernard sees a direct connection between the attack and regulatory concerns. “This threat vector is something that is acknowledged and tried to be addressed in the new iteration of the NIS2 Directive,” he explains.


Airports depend heavily on third-party suppliers for everything from baggage handling to passenger processing, creating multiple entry points that attackers can exploit. When one system fails, the effects ripple through interconnected networks, affecting operations far beyond the initial target.

Bernard expects the investigation to take considerable time to unravel. “In the coming days, weeks and even months more information about what is behind this disruption will become clear,” he says. “For now, all we see is the widespread upheaval created by targeting of critical lynchpins within our critical infrastructure.”

KnowBe4 advocate emphasises graceful failure planning

The chaos reveals what happens when shared systems break without adequate backup plans, according to Javvad Malik, Lead Security Awareness Advocate at KnowBe4. “Air travel depends on shared systems, so a failure in a common check‑in platform quickly cascades into missed connections, accessibility shortfalls and staff forced into manual workarounds,” Javvad observes.

His prescription involves assuming primary systems will fail and rehearsing alternatives. “It’s why it is important to build in graceful failure by assuming the primary system will go down and rehearsing manual operations, offline boarding and accessible contingencies, with cross‑trained staff and basic tools ready,” he explains.

Javvad also advocates diversifying suppliers to reduce single points of failure whilst recognising that technology alone cannot solve resilience challenges. “Reduce single points of failure by diversifying providers where feasible, segmenting tenants, and ring‑fencing critical functions so one vendor outage doesn't halt everyone. Above all, communicate clearly and often, prioritise vulnerable passengers, and empower frontline teams to make humane decisions.”

His philosophy extends beyond technical controls. “Resilience isn’t just cyber controls, it’s people, process and communications to ensure ongoing availability.”

Keeper Security CEO warns of supply chain targeting

Darren Guccione, CEO and Co-Founder of Keeper Security, views the disruptions as evidence of attackers deliberately targeting widely-used systems for maximum impact. “Although information is still limited, the disruption at several major European airports highlights how interconnected global transportation has become and how dependent it is on shared digital infrastructure,” Darren states.


This represents a calculated strategy rather than opportunistic attacks. “Adversaries understand that targeting widely used technology services can result in outsized impact, as demonstrated in countless damaging supply chain attacks,” he explains.

Darren advocates zero trust security models where every access request requires verification. “Organisations that rely on third-party systems and vendors need to ensure that every point of access is secured, every connection is monitored and no user or system is automatically trusted,” he notes.

The Keeper Security CEO wants AI integrated into access management to respond rapidly to threats. “Zero trust security models and privileged access management solutions play a central role in that effort. By enforcing least-privilege access and leveraging agentic AI to revoke credentials as soon as risk is detected, organisations can limit the impact of an attack and maintain public confidence in essential services.”

Key facts
  • Multiple airports hit simultaneously: Heathrow, Brussels and Berlin airports all suffered disruption in a coordinated cyberattack targeting European transport infrastructure.
  • Shared systems create cascade failures: Single check-in platform failures quickly spread across multiple airports due to interconnected aviation technology infrastructure.
  • Zero trust security models recommended: Experts advocate privileged access management and AI-powered credential revocation to limit supply chain attack impact on critical services.

Bernard from Tenable concludes that security teams must shift from reactive incident response to proactive vulnerability management. “For cybersecurity professionals, this acts as an illustration that our focus must shift from simply reacting to incidents to proactively securing our digital ecosystem. The adversary’s identity and motivation are secondary. 

“Truly robust security begins with a strong foundation: identifying the systems that underpin our most vital services and proactively mitigating the vulnerabilities that attackers are most likely to exploit. This is the only way to effectively neutralise the risk.”