The meeting, events, and conference industry is one that hinges on meticulous planning. The level of preparedness we have observed in our three years providing Cyber Security to events has been nothing short of impressive. There seems to be a formal or informal contingency for nearly everything, with an event staff agile enough to handle almost any hiccup. So, why isn’t the same level of attention being paid to cyber threats at these events?
“Cyber” is certainly at the front of the headlines, and the public is probably more aware now than they were before major companies in every industry from finance to entertainment to healthcare to even government were hacked over the past 2-3 years. The lack of attention by event planners may have a lot to do with the Event Planning Industry itself. Whether it’s promoting, publicizing, or sharing, the goal is to get information out not restrict it. But what if someone wanted to use that transparency against you?
Consider the following: what if someone hacked your registration kiosk or website and stole all your attendees contact info; impersonated or shut down your conference Wi-Fi; attempted to disrupt your AV equipment; set up cell phone intercept equipment and gained access to personal info; exploited your conference app and started sending out fake updates? At a minimum, this could result in negative attention or an embarrassing disruption at your event. Worst case, the threat results in long-standing harm to reputations, loss of sensitive, personal/business information, or major financial damage.
“My event isn’t at risk, though. We just do (x)”. Everything from mischief to malice to financial gain all come into play. Your event might not be the target, and you could just be the victim of a venue that is a particularly soft target. Maybe it’s your key note speaker or VIP panel that carries the high-profile risk. With that said, it could be your event that is the target. Certain industries are just more likely than others to attract protestors and activists. Perhaps your organization recently made a public move that upset a group of people?
Bottom line is that, in an industry that plans for everything, there seems to be little attention paid to a very large, potential threat. As with most planning, this becomes a risk identification, threshold, and mitigation discussion. The risk is compelling enough to at least warrant injecting a discussion with a Cyber Security professional into your next event’s planning cycle.
Post contributed by Sean Donahoo, CEO of cyber security company Disruptive Solutions