The rise of cyber attacks

Four tech experts explain why event profs need to protect themselves against cyber attacks, sooner rather than later.

Twitter Facebook Google+ LinkedIn
Cyber-attack-stock-new-resized.jpg

When it comes to cyber security, there are no absolutes.

 

“Security is a line,” Simon Clayton, chief ideas officer at RefTech, tells EN. “At one end you’ve got a machine that’s really easy to access, on the internet permanently and has no password: accessible but not secure.

 

“At the other end of the scale you’ve got a computer that’s not connected to anything, has no power and a flat battery and is buried in concrete: secure but not accessible.

 

“Security is finding your happy point along that line.”

 

Over the past several years, a number of high profile hacks have been making headlines in the UK and internationally. In October 2015, a massive cyber attack against internet provider TalkTalk saw 157,000 customers’ details stolen, costing the company an estimated £60m.

 

Another data breach saw the personal information of around 32m users of infidelity dating site Ashley Madison stolen and published online.

 

With these large-scale attacks causing such chaos, event organisers may well be wondering what more can be done to protect the information of their visitors and exhibitors.

 

Human error

 

The good news (or perhaps the bad news) is that a huge number of data breaches are the result of human error.

 

In early 2016, Google teamed up with the Universities of Michigan and Illinois to conduct a cyber security experiment, which posed a simple question: would users plug in a USB drive they found in the street?

 

The answer, at least 48 per cent of the time, was yes.

 

“Most data breaches come from mundane, stupid stuff,” says Clayton. “In 2003 there was a study that asked commuters at London Waterloo to reveal their network password in exchange for a free pen. Not even an expensive pen. Ninety per cent revealed their password.”

 

While this does mean that no matter how much a business spends it cannot completely guarantee security, it also means that there are some simple and inexpensive steps organisers can take to make their data safer.

 

“Passwords is one of the most common weaknesses that people don’t take seriously enough,” says David Chalmers, senior marketing director, Europe, at Cvent. “Strong password formats should be enforced, with regular expiry and updates.

 

“They should never be shared or stored publicly, and if you do use shared accounts always remember to deactivate accounts for users who leave your company or change roles.”

 

Sharing information between large groups, emailing (rather than sharing) important spreadsheets and transporting information on unencrypted machines are also behaviours that are best avoided when it comes to cyber security.

 

“Emailing a spreadsheet of personal data is possibly the worst thing that you could do, and it happens all day every day,” says Clayton.

 

Gone phishing

 

The types of attack a website or business can experience are incredibly varied, ranging from amateurish spam to sophisticated and specifically targeted acts of sabotage or theft.

 

One common type of attack, which almost everyone with an email address will have experienced, is ‘phishing’. Phishing frequently takes the form of a malicious email masquerading, or attempting to masquerade, as a trusted source.

 

This could be anything from a foreign prince looking to share his vast fortune to a seemingly mundane email from a local bank.

 

One particularly stomach-churning example has taken advantage of the Syrian refugee crisis to try and trick well-meaning internet users out of their hard-earned cash.

 

“Phishing can also come in the form of a fake web page asking you to provide your login and password,” adds Chalmers. “Any reliable software company will never ask you to do this in any of these ways. Your event webpage can be copied and used for phishing, so watch out for that.”

 

Event organisers should also pay attention to what happens to the data collected from visitors and exhibitors, adds digital law specialist Heather Burns.

 

“No one is a happy bunny when they register for an event and start getting spammed off the exhibitors,” she says.

 

Organisers should be clear on their event registration page about what will happen to the data that is being collected.

 

“Is the data being passed to third parties?” asks Burns. “Is it being transferred overseas?”

 

Hold it ransom

 

Another common type of attack is ransomware, which commonly attacks private businesses but has also made headlines internationally for targeting police forces and universities.

 

“Ransomware is the fasted growing malware in the world at the moment,” explains Clayton.

 

“You accidentally open an email attachment that you shouldn’t, it encrypts your entire hard drive, and then says if you want it back then you need to pay this ransom. They’re making millions of dollars.”

 

Certain events can be subject to attack because of particular people speaking at or even just attending them.

 

“Tech events have been targeted and hacked, the G20 was targeted and their attendees were revealed, a high profile security conference was hacked,” says Clayton. “There are different pockets of problems.”

 

The worlds of tech and gaming in particular have been enthralled in an on-going controversy, known as Gamergate, since August 2014. Gamergate saw several high profile female figures in the gaming industry being intimidated and targeted, some of which continues to this day.

 

“There’s a woman who is central to that, and it’s got to the point where bomb threats have been called into schools where she has been speaking,” explains Burns. “But that is an extreme case, it’s not something that the average event organiser will have to deal with.”

 

“The event you are undertaking should relate to the security planning you undertake in the cyber arena just as in the physical world,” adds Kieron Garlic, MD of Present Communications.

 

“The potential rewards for a hacker vary according to the nature of an event, from corporate jeopardy, the accessing of confidential information or even state sponsored attacks.”

 

Ch-ch-ch-changes

 

On 25 May 2018, a new data protection regulation will take effect, one with significant and far-reaching implications for event organisers in the UK.

 

“Many organisers are completely oblivious to the fact that they have not only a moral but a legal responsibility. It’s really scary,” continues Burns. “The new regulations have teeth. There are penalty fines and all sorts.

 

“We never like to scaremonger people, but it’s actually really good in the lead up to 2018 for people to be a little bit scared. It’s going to make everyone sit up and get to grips with it. We are telling people to start now. Data protection is about on-going business processes, this isn’t a tick box exercise you can slot together the week before it takes effect.”

 

The rise of the Internet of Things (IoT), adds Garlic, could also prompt a sea change in cyber security.

 

“As every light bulb, speaker and microphone becomes a network connected device, there is much more to do to protect from a cyber-attack that could terminate your event and ruin a reputation,” he says.

 

Whatever the future holds for cyber security, event profs need to be prepared for the huge impact that it will have on businesses in the EU, Even Brexit won’t prevent UK businesses from being subject to the new regulations set to take effect in 2018.

 

“In order to continue doing business with Europe, the UK will have to prove that it has a data protective regime that is equal to the EU’s regime,” explains Burns.

 

“If it’s not adequate then we can’t do business with them. Brexit is irrelevant.”

Twitter Facebook Google+ LinkedIn

Related Stories

Senior Sales Professional

Are you a highly motivated senior sales professional with a proven track record of new business development and account management forged in the events industry? If so, then we may have your next exciting career step.

F3 secures Watford FC contract

F3, the joint venture between One Event Management and Legends of the US, has won a 10-year contract with Watford Football Club.

Conference Sales Executive

Easyfairs UK & Global is growing rapidly, having made a number of recent acquisitions, and with many global launches in the pipeline. As such, it is a very dynamic and exciting team to join, with some exciting opportunities for driven, energetic and passionate individuals.

Elsewhere on EN

Tarsus Group acquires Connect Meetings

Tarsus Group acquires Connect Meetings

B2B media group Tarsus Group has acquired 80 per cent of the share capital of US business travel and meetings event organiser Connect Meetings.
AEO launches Development Board

AEO launches Development Board

The Association of Event Organisers (AEO) has announced the formation of a Development Board, with the aim of ensuring that the AEO delivers value to all members.
F3 secures Watford FC contract

F3 secures Watford FC contract

F3, the joint venture between One Event Management and Legends of the US, has won a 10-year contract with Watford Football Club.

WATCH THE EN AWARDS 2016 HIGHLIGHTS


silverstream.tv

Most read Stories

Building emerald cities

Building emerald cities

From Malaria to Blenheim, through to UBM, Jane Risby-Rose – the 20-year story of her yellow brick road industry journey.
5 top marketing tips from AEO Forums 2016

5 top marketing tips from AEO Forums 2016

Looking to the future and learning from the past at AEO Forums 2016.
2 Minutes with Sarah Mayo

2 Minutes with Sarah Mayo

Sarah Mayo, marketing director EMEA, Freeman and FreemanXP talks about her new role, playing golf with Westlife and the skills needed in our industry.

Latest News

Tarsus Group acquires Connect Meetings

Tarsus Group acquires Connect Meetings

B2B media group Tarsus Group has acquired 80 per cent of the share capital of US business travel and meetings event organiser Connect Meetings.
AEO launches Development Board

AEO launches Development Board

The Association of Event Organisers (AEO) has announced the formation of a Development Board, with the aim of ensuring that the AEO delivers value to all members.
F3 secures Watford FC contract

F3 secures Watford FC contract

F3, the joint venture between One Event Management and Legends of the US, has won a 10-year contract with Watford Football Club.

Latest Galleries

ESSA 2016 Conference of Things

ESSA 2016 Conference of Things

This year’s ESSA Conference achieved a record attendance of delegates from across the events supplier industry, representing over 100 companies at Ricoh Arena, on 24 November.
The Prosthetics Event 2016

The Prosthetics Event 2016

Exhibition, education and shopping show The Prosthetics Event, returned to Conference Aston in Birmingham for the third consecutive year on 19 November.
World Travel Market London 2016

World Travel Market London 2016

World Travel Market (WTM) London 2016, which took place on 7-9 November at ExCeL London, celebrated its most successful show yet with a joint record attendance of 51,500.

Latest Opinions

Paul Byrom: Opportunity knocks

Paul Byrom: Opportunity knocks

Paul Byrom, AEO chairman and MD at Upper Street Events on the formation and goals of the new AEO Development Board
The height of safe practice

The height of safe practice

Andrew Harrison, ESSA director on continuing to build a robust, safety-first, working culture in events and exhibitions.
All part of the plan

All part of the plan

Kevin Horler, project director of Vividfish Ltd, on the importance of creating an inbound marketing strategy for your next exhibition.