In the media, we see the targeting of major banks and commercial establishments, but all industries are at risk. The events industry, in particular, provides a prime opportunity for security breaches.
Large amounts of data from buying the tickets to filling in forms containing essential information are recorded for event management purposes. With 1.3 billion corporate events a year, there’s enough opportunity for this information to be taken.
Moreover, the volume of people at events makes it all the more attractive. There were over 85 million attendees’ events last year in the UK alone. Each one of them provides their valuable personal and financial details.
Anything with value has the potential to be a target for cybercrime. Thomas Squeo, chief technology officer of Intrado, explains:- Typically, the two most valuable assets that flow through an event are the content and attendees’ Personally Identifiable Information (PII), such as full name, social security number, bank account and credit card numbers, passport number and email address.
‘Hacktivists’ with a political or social motive sometimes prey on organizations with controversial operations and views, although this is less common.
Cyber criminals may also earmark an event for the simple reason it is easy to do. Ivan Garcia, chief technology officer and co-founder of event management software provider explains:- Attacks on virtual and hybrid events are extremely easy to carry out, even without technical knowledge. It is scary to think anyone could do it with a minimum amount of training and practice.
The events industry sector encompasses a diverse range of activities that includes festivals, parades, meetings, conventions, expositions, sport and other special events, planned, coordinated and executed by the event organizing committee, typically categorized as a not-for-profit small business with fewer than twenty paid staff (Goldblatt, 2011, Getz, 1997). Cybersecurity risks are uniquely challenging for the event industry sector, not only do event organizers have to protect their business as usual workplaces from cybercrime threats, they also must protect ICT systems at temporary event sites, where thousands of attendees will access event ICT networks for e-commerce, social media and to access other event related digital information
All attendees should have a unique URL and access code Obfuscate and do not display attendees’ full names, email addresses. Company automatically mute all attendee’s microphones and only allow attendees cameras if they manually enable them restrict any attachments or URL postings in chat and question and answer windows to specific personnel. All questions and answers should be private to the organizers of the event and can be manually promoted to “view all” after they have been screened Inform attendees if the session will be recorded.If anyone objects, request that they leave the virtual event and await further instructions on viewing the recording inform attendees that all correspondence for the event will only come from these trusted email addresses to avoid third-party phishing attacks unfortunately.
It is important to note that not all virtual event platforms offer the security features. It is up to your organization to vet these prior to virtual event vendor selection. And it’s up to the attendee to leave the virtual event if they feel the security practices in place present an unacceptable risk.