Best Event Management Security Audit

Why Cybersecurity needs to be a priority for the Events Industry ?

In the media, we see the targeting of major banks and commercial establishments, but all industries are at risk. The events industry, in particular, provides a prime opportunity for security breaches.

Large amounts of data from buying the tickets to filling in forms containing essential information are recorded for event management purposes. With 1.3 billion corporate events a year, there’s enough opportunity for this information to be taken.

Moreover, the volume of people at events makes it all the more attractive. There were over 85 million attendees’ events last year in the UK alone. Each one of them provides their valuable personal and financial details.

JOIN HANDS with us.

Why Industry is a target for cybercrime (Business Risks)‎

Anything with value has the potential to be a target for cybercrime. Thomas Squeo, chief technology officer of Intrado, explains:- Typically, the two most valuable assets that flow through an event are the content and attendees’ Personally Identifiable Information (PII), such as full name, social security number, bank account and credit card numbers, passport number and email address.

‘Hacktivists’ with a political or social motive sometimes prey on organizations with controversial operations and views, although this is less common.

Cyber criminals may also earmark an event for the simple reason it is easy to do. Ivan Garcia, chief technology officer and co-founder of event management software provider explains:- Attacks on virtual and hybrid events are extremely easy to carry out, even without technical knowledge. It is scary to think anyone could do it with a minimum amount of training and practice.

Cybersecurity in Event Management is a priority.

How Industry is targeted (Technical Threats)‎

Insecure distribution of URL

Insecure distribution of URL and attendee codes that allow for sharing of access. Lack of multi-factor authentication to prove an attendee’s identity. Lack of or poor, implementation of encryption technologies to secure a computing session from eavesdropping or monitoring.

Software vulnerabilities within the virtual event platform

Vulnerabilities on an attendee’s device being used to view the virtual event that could be leveraged against a virtual session via local software or a browser lack of URL filtering and malware scanning of posted content in chat, as well as in questions and answer sections.

Lack of Technology

Lack of technology to prevent screen recording or capturing of the virtual event. This includes screen recording software and the use of cameras that might not be typically allowed in a physical event. Minimal security controls to obfuscate the attendee’s name, company and email address in a virtual event (some vendors provide better controls than others).

The challenges Industry is facing

Identify Cybersecurity Risks

The events industry sector encompasses a diverse range of activities that includes festivals, ‎parades, meetings, conventions, expositions, sport and other special events, planned, ‎coordinated and executed by the event organizing committee, typically categorized as a not-‎for-profit small business with fewer than twenty paid staff (Goldblatt, 2011, Getz, 1997). ‎Cybersecurity risks are uniquely challenging for the event industry sector, not only do event ‎organizers have to protect their business as usual workplaces from cybercrime threats, they ‎also must protect ICT systems at temporary event sites, where thousands of attendees will ‎access event ICT networks for e-commerce, social media and to access other event related ‎digital information ‎

Top tips for securing

All attendees should have a unique URL and access code Obfuscate and do not display ‎attendees’ full names, email addresses. Company automatically mute all attendee’s ‎microphones and only allow attendees cameras if they manually enable them restrict any ‎attachments or URL postings in chat and question and answer windows to specific personnel. All questions and answers should be private to the organizers of the event and can be ‎manually promoted to “view all” after they have been screened Inform attendees if the session ‎will be recorded.If anyone objects, request that they leave the virtual event and await further instructions on ‎viewing the recording inform attendees that all correspondence for the event will only come ‎from these trusted email addresses to avoid third-party phishing attacks unfortunately.‎

Virtual events and attendees from exploitation by cyber attackers‎

It is important to note that not all virtual event platforms offer the security features. It is ‎up to your organization to vet these prior to virtual event vendor selection. And it’s up to the ‎attendee to leave the virtual event if they feel the security practices in place present an ‎unacceptable risk.‎

Despite the weaknesses, the event management industry has numerous chances to ‎strengthen its cybersecurity, Consult us to learn more