Jose Bort, CEO & co-founder of EventsCase, says awareness is the first step in tackling cyber crime.
Cyber security continues to represent a growing and complex issue for industries the world over. It’s an easy problem to ignore, especially among those with little idea of why a criminal would target their business over anyone else’s. Yet, if there’s one thing we’ve gathered from recent reports, it’s that very few industries are escaping the unprecedented rise in cyber attacks.
According to The Department for Business, Innovation and Skills, 87 per cent of UK small businesses have encountered some form of digital security breach, with this rising to 93 per cent among large firms. A separate report, from CyberSecurity Ventures, estimates the global cost of cyber attacks at $6tn by 2021 – double the $3tn calculated in 2015.
Events seem like a fairly safe space – perhaps lower in the pecking order to governments, IT firms and banks. We’ve seen first-hand the damage inflicted on organisations carrying that same perception. In truth, there are some very legitimate reasons as to why an event could or would be attacked, and they are definitely worth revising.
In most incidents of a hacker targeting an event, the situation often boils down to financial gain. Events store reams of valuable and sensitive information on their apps and websites, including bank details and email addresses, which provide the necessary fuel for cases of identity fraud.
Sometimes, there is a political or social motive at play. ‘Hacktivists’ have been leading the recent spate of ‘Distributed Denial of Service’ (DDoS) attacks on various organisations, directed at any outfit with controversial operations and views. These are capable of limiting access to event registration platforms that do not have the necessary DDoS and malware protection for their servers.
We’ve seen incidents targeting a venue’s Wi-Fi connection – the intermediary for exchanges between event platforms and attendees. Without the correct protocols, the venue can see itself listed as a target for ‘man in the middle’ attacks. These tap into the Wi-Fi router to intercept communications, leading to the capture of login data for bank accounts, email addresses and more.
All the while, event organisers are being told – quite rightly – that data is king. We are storing more information than ever before, on potentially thousands of people over the course of a busy month. Events are sounding the alarm for any hacker that wants to access a list of sensitive records in one fell swoop.
Rather than ignoring the issue, we should be meeting it head-on through a more stringent examination of our technologies and processes. If we’re heading to a new venue – one that provides on-site Wi-Fi – it’s important to check whether it makes logs of all connections to the router. When using an event management technology, you should ask to see how frequently their servers are tested by security experts. It’s these simple and obvious questions that prevent attacks before they’re allowed to happen.
Forward-thinking companies like Tesla and Google take things further by hiring the people that infiltrate their systems as testers. While this seems a little excessive, it’s the kind of proactive measure that really signals a commitment to fighting such an important threat.
Securing information is crucial to any business. To prepare ourselves for a gradual increase in cyber attacks, the events industry has to realise the value of the data it holds, as well as its responsibility to keep everything guarded. Awareness is the first step forward.