{"id":3628,"date":"2025-06-17T14:27:49","date_gmt":"2025-06-17T13:27:49","guid":{"rendered":"https:\/\/aegislens.com\/home\/?p=3628"},"modified":"2025-06-17T14:27:49","modified_gmt":"2025-06-17T13:27:49","slug":"the-underrated-threat-why-hackers-thrive-at-events-and-cisos-should-amp-up-their-guard","status":"publish","type":"post","link":"https:\/\/aegislens.com\/home\/the-underrated-threat-why-hackers-thrive-at-events-and-cisos-should-amp-up-their-guard\/","title":{"rendered":"The Underrated Threat: Why Hackers Thrive at Events and CISOs Should Amp Up Their Guard"},"content":{"rendered":"

Hackers love events.<\/p>\n

Why aren\u2019t more CISOs paying attention?<\/h1>\n

For any organization, the rise of digital platforms, remote working, and cloud-based services has increased the complexity of managing cybersecurity risks.<\/p>\n

However, there is one area that is often overlooked by Chief Information Security Officers (CISOs) – live events.<\/p>\n

Conferences, trade shows, product launches, and shareholder meetings gather people, devices, and sensitive information in one place, which makes them particularly attractive targets for cyber criminals.<\/p>\n

In fact, high-profile events have been on the radar of hackers for years.<\/p>\n

In 2018, for instance, the finish line cameras at the Boston Marathon were subjected to a cyber attack, which fortunately was intercepted before it could do any harm.<\/p>\n

In 2015, the French TV5Monde was victim to a severe cyber attack, believed to be retribution for France\u2019s support for the Iraqi military action.<\/p>\n

It disabled the network’s broadcasting equipment during a live debate on ISIS.<\/p>\n

The unique challenges of event cybersecurity<\/h2>\n

The primary challenge with these events is that they bring together digital and physical systems, creating an environment for technical vulnerabilities and human error.<\/p>\n

Take a typical conference, for example.<\/p>\n

There could be live polling apps that hold attendee data, Wi-Fi networks for thousands of attendees, and video screens broadcasting from remote locations.<\/p>\n

The scope for a potential cyber attack is vast.<\/p>\n

On a physical level, events often involve branded USB drives, passes with embedded RFID chips, and technology-packed exhibitor stands.<\/p>\n

These elements can also be hacked or abused.<\/p>\n

Criminals could install malware on a branded USB drive or clone an RFID pass for access to restricted areas.<\/p>\n

Practical advice for CISOs<\/h2>\n

While it might seem overwhelming, CISOs can establish best practices to minimize these risks.<\/p>\n

Here are few key considerations:<\/p>\n

Conduct a risk assessment<\/strong>: It is crucial to conduct risk assessments prior to the event.<\/p>\n

These assessments should encompass digital systems, physical systems, personnel, equipment, processes, and supply chains involved.<\/p>\n

Apply security hygiene standards<\/strong>: Promote cybersecurity awareness among attendees.<\/p>\n

Do not offer free USBs and avoid using RFID passes if possible.<\/p>\n

If they must be used, ensure there are strict access controls.<\/p>\n

Collaborate with event organizers<\/strong>: Collaboration and communication with event organizers, production teams, IT staff, and others are key ingredients to ensure a comprehensive and effective plan is in place.<\/p>\n

Have a response plan<\/strong>: Finally, have an incident response plan in place so that any security incidents can be quickly identified, isolated, and addressed.<\/p>\n

It\u2019s not just about avoiding an incident, but being able to navigate through one effectively.<\/p>\n

In conclusion, cybersecurity is never to be ignored or put on the back-burner, especially in critical situations such as at live events.<\/p>\n

The temporary nature of these events or conferences doesn’t reduce the risk, it rather enhances it.<\/p>\n

It is high time CISOs started considering event-specific cybersecurity measures in their overarching security strategy.<\/p>\n

Follow-Up Reading<\/h3>\n