Cover Feature
Sitting ducks?
Jose Bort, CEO & co-founder of EventsCase, says
awareness is the first step in tackling cyber crime
Cyber security continues to represent a
growing and complex issue for industries the
world over. It’s an easy problem to ignore,
especially among those with little idea of
why a criminal would target their business
over anyone else’s. Yet, if there’s one thing
we’ve gathered from recent reports, it’s
that very few industries are escaping the
unprecedented rise in cyber attacks.
According to The Department for Business,
Innovation and Skills, 87 per cent of UK small
businesses have encountered some form of
digital security breach, with this rising to 93
per cent among large firms. A separate report,
from CyberSecurity Ventures, estimates the
global cost of cyber attacks at $6tn by 2021 –
double the $3tn calculated in 2015.
Events seem like a fairly safe space – perhaps
lower in the pecking order to governments,
IT firms and banks. We’ve seen first-hand the
damage inflicted on organisations carrying
that same perception. In truth, there are some
very legitimate reasons as to why an event
could or would be attacked, and they are
definitely worth revising.
In most incidents of a hacker targeting
an event, the situation often boils down to
financial gain. Events store reams of valuable
and sensitive information on their apps and
websites, including bank details and email
addresses, which provide the necessary fuel for
cases of identity fraud.
Sometimes, there is a political or social
motive at play. ‘Hacktivists’ have been
leading the recent spate of ‘Distributed
Denial of Service’ (DDoS) attacks on various
organisations, directed at any outfit with
controversial operations and views. These are
capable of limiting access to event registration
platforms that do not have the necessary DDoS
and malware protection for their servers.
We’ve seen incidents targeting a venue’s Wi-
Fi connection – the intermediary for exchanges
between event platforms and attendees.
Without the correct protocols, the venue can
see itself listed as a target for ‘man in the
middle’ attacks. These tap into the Wi-Fi router
to intercept communications, leading to the
capture of login data for bank accounts, email
addresses and more.
All the while, event organisers are being
told – quite rightly – that data is king. We are
storing more information than ever before, on
potentially thousands of people over the course
of a busy month. Events are sounding the
alarm for any hacker that wants to access a list
of sensitive records in one fell swoop.
Rather than ignoring the issue, we should
be meeting it head-on through a more
stringent examination of our technologies
and processes. If we’re heading to a new
venue – one that provides on-site Wi-Fi – it’s
important to check whether it makes logs of all
connections to the router. When using an event
management technology, you should ask to
see how frequently their servers are tested by
security experts. It’s these simple and obvious
questions that prevent attacks before they’re
allowed to happen.
Forward-thinking companies like Tesla
and Google take things further by hiring the
people that infiltrate their systems as testers.
While this seems a little excessive, it’s the
kind of proactive measure that really signals
a commitment to fighting such an important
threat.
Securing information is crucial to any
business. To prepare ourselves for a gradual
increase in cyber attacks, the events industry
has to realise the value of the data it holds, as
well as its responsibility to keep everything
guarded. Awareness is the first step forward.
“Events are sounding the alarm
for any hacker that wants
to access a list of sensitive
records in one fell swoop.”
May — 27