Building a safer space for event IT

A growing dependence on information technology in the event cycle must come with an equal commitment to securing a safe cyberspace.


Information technology (IT) is a powerful and indispensable tool, but it is also a double-edged sword. Businesses are paying more attention to the downside, as cybercrimes affecting online platforms cost the global economy some US$450 billion in 2016, according to a recent report. The figure is forecast to escalate to US$3 trillion by 2020.

Earlier this year, on May 12, some MNCs like the National Health Service in the UK, Spain’s Telefónica, FedEx and Deutsche Bahn were hit by the WannaCry ransomware attack, which encrypted data and affected more than 230,000 computers in 150 countries.

Later that month, on May 26, British Airways suffered a major IT system failure that crippled its operating systems, call centres, websites and mobile apps, forcing the carrier to cancel all flights out of Heathrow and Gatwick airports.

Last year, ICCA members who attended the General Assembly (GA) in Kuching faced technical problems during the online voting exercise and the association had to move to a back-up paper voting system.

ICCA said the situation was caused by factors such as the local WiFi network capacity, the congress app functionality and a hack from malware that was discovered on a delegate’s smartphone.

ICCA has now chosen to use a secure website and an extended voting window to guarantee all members are able to exercise their right to vote and to reduce future risks to the absolute minimum.

These recent incidents are a wake-up call for the industry as show organisers and suppliers handle gigabytes of sensitive data such as company profiles, delegate names, addresses and credit card, mobile and passport numbers, etc. Adding to the risks are some delegates who do not think twice about logging on to free – and often unsecured – WiFi when available.

An organiser’s responsibility
So, what can meeting planners and the industry do to enhance cybersecurity?
The IT strategist of a leading international event management company opined: “We work with a few parties for any event IT and frankly nobody wants to be responsible. So it falls on us as the organiser and the app developer to do the testing and checking. On my wish list is for the venue to be the third tier.”

He added that most show organisers do not have an in-house IT specialist or app developer who can keep in mind the comprehensive platform needs, advise on cost, set up special firewalls and decide whether or not to rely on the venue’s WiFi.

The IT strategist further said: “We always advise our clients to buy insurance if they require a high level of service to ensure voting goes smoothly. Ultimately, the organiser has to block all members from using social media during any 30-minute AGM poll, otherwise it will slow WiFi speed down.

“The organiser has to look into such details and also set aside (an IT) budget to negotiate with the venue to be sure. Since the WannaCry ransomware attack, clients are more concerned about their app testing properly and are asking for extra checks to be carried out.”

The IT strategist suggested that event organisers create a Standard Operating Procedure and not “base dealings on trust and be honest and upfront with the client about free WiFi and up to what level it will work”.

Jack Chia, executive director of MP International, which organised the biennial INTERPOL World 2017 in Singapore in July, told TTGmice that besides taking a more proactive approach in safeguarding venues, event organisers today must also “have in place a continuity plan in case of an attack, especially for mission critical systems such as delegate registration”.

Venues play a part
Among the delegates who attended INTERPOL World, shortly after the NotPetya malware attack in late June, was Michael Hershman, Group CEO, International Centre for Sport Security (ICSS).

On venue safeguards for major sports events, he said ICSS encourages an integrated approach that is included throughout all operational and planning areas and between public and private stakeholders at an early stage.

“One piece of advice for venues around their cybersecurity planning…collaborate closely and share as much data as possible with local and national government, as well as law enforcement and private security firms to ensure they are aware of the cybersecurity challenges that your venue faces and can put in place the right resources to protect it from a possible hack,” Hershman said.

To secure their IT and WiFi systems, Hershman said venues and events must introduce stronger encryption methods, offer secure applications to access WiFi, and pre-monitor and track potentially harmful websites.

Suntec Singapore Convention & Exhibition Centre, one of the busiest business event venues in Singapore, moved to a Cloud Computing-based system in 2013 when its modernisation programme was completed. The centre works closely with partners when planning various aspects of events.

CEO Arun Madhok said: “We conduct regular reviews of our safety and security protocols. Our team members ran extra checks to ensure all patches and updates were in place across our staff computers following the WannaCry ransomware attack.”
But when asked if any clients had asked for stepped-up measures shortly after the WannaCry episode, Madhok remarked that “TTGmice is the first organisation to request for information on this specific issue”.

HOT TIPS

Stephan Neumeier, managing director of Kaspersky Lab, a multinational cybersecurity and antivirus provider, shares these simple steps to protect a service provider’s wireless network and router and what event attendees need to be aware of.

• Avoid using the default password
It is easy for a hacker to find out the manufacturer’s default password for your wireless router and then use that password to access your wireless network. Change the administrator password for your wireless router. When you are deciding on your new password, pick a complex series of numbers and letters.

• Don’t let your wireless device announce its presence
Switch off SSID (Service Set Identifier) broadcasting to prevent your wireless device from announcing its presence to the world.

• Change your device’s SSID name
Again, it is easy for a hacker to find out the manufacturer’s default SSID name for your device and then use that to locate your wireless network. Change the default SSID name of your device and try to avoid using a name that can be guessed easily.

• Encrypt your data
In your connection settings, make sure you enable encryption. If your device supports WPA (WiFi protected access) encryption, use that. If not, use WEP (wired equivalent privacy) encryption.

• Protect against malware and Internet attacks
Make sure you install a rigorous anti-malware product on all of your computers and other devices. In order to keep your anti-malware protection up to date, select the automatic update option within the product.
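
The four router tips above lend themselves to a pre-event check. The script below is an added example, not from the article or from Kaspersky Lab; it audits a settings export whose key names, default-value lists and password-length threshold are all hypothetical.

```python
# Added example: audit a router settings export against the tips above.
# Key names, default-value lists and the length threshold are hypothetical.
DEFAULT_PASSWORDS = {"", "admin", "password", "1234", "12345678"}
DEFAULT_SSIDS = ("linksys", "netgear", "dlink", "default")
MIN_PASSWORD_LEN = 12  # assumed reading of "complex series of numbers and letters"

# Constructed sample exports (not taken from a real device).
SAMPLE_WEAK = """
admin_password = admin
ssid = NETGEAR-5G
ssid_broadcast = on
encryption = wep
"""
SAMPLE_HARDENED = """
admin_password = t7Rk29vqLm4xZp81
ssid = hall4-ops
ssid_broadcast = off
encryption = wpa2
"""

def parse_settings(text):
    """Parse key = value lines, skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and not key.startswith("#"):
            settings[key.strip().lower()] = value.strip()
    return settings

def audit(settings):
    """Return (tip, finding) pairs; an empty list means every tip is met."""
    findings = []
    pw = settings.get("admin_password", "")
    mixed = any(c.isdigit() for c in pw) and any(c.isalpha() for c in pw)
    if pw.lower() in DEFAULT_PASSWORDS:
        findings.append(("password", "administrator password is a known default"))
    elif len(pw) < MIN_PASSWORD_LEN or not mixed:
        findings.append(("password", "password is not a complex mix of numbers and letters"))
    if settings.get("ssid_broadcast", "on").lower() != "off":
        findings.append(("broadcast", "SSID broadcasting is switched on"))
    if settings.get("ssid", "").lower().startswith(DEFAULT_SSIDS) or not settings.get("ssid"):
        findings.append(("ssid", "SSID is missing or looks like a manufacturer default"))
    enc = settings.get("encryption", "none").lower()
    if enc == "wep":
        findings.append(("encryption", "WEP in use; the tips allow it only where WPA is unsupported"))
    elif not enc.startswith("wpa"):
        findings.append(("encryption", "no encryption enabled"))
    return findings
```

Running `audit(parse_settings(SAMPLE_WEAK))` returns one finding per tip, while the hardened sample returns an empty list.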

Case: Playing it safe at SingEx

SingEx Holdings, which manages the Singapore EXPO Convention and Exhibition Centre and MAX Atria, takes cybersecurity threats seriously, and protecting data integrity for all staff and customers is a top priority.

According to Michael Lim, director, HR & IT, SingEx Holdings, robust sets of perimeter defences for both public and private networks, which are separate and independent from each other, are in place.

Lim explained that private-user groups comprising staff network and regional office systems are secured through a three-pronged defence approach – Cloud Security, Network Defence and End Point User Protection – which protects platforms, systems and devices.

“Cloud Security is established through server protection on workload and vulnerabilities on usual network security, or firewall,” he noted, adding that for Network Defence, SingEx has evolved from the traditional static, signature-based anti-intrusion mechanism into behaviour-based, machine learning-driven technology.
“Processes are monitored for ‘telltale’ signs of malicious behaviour and stops suspicious activities before it becomes critical. In the event that the basic perimeter defence is breached, SingEx uses AI algorithms mimicking the human immune system to defend enterprise attacks.”

Lim further shared that the company’s End Point User Protection is secured through protecting individual users’ information, devices and applications on both physical and virtual platforms.

For public user groups, like public WiFi networks set up for delegates and exhibitors in events organised by SingEx, a different approach is taken. As it is not possible to construct a perimeter defence that is completely foolproof, due to the inability to control end-point (user) behaviour, SingEx partners with top-notch service providers to ensure the latest in security applications are in place.

Lim commented: “We can count on our web hosts’ in-built Intrusion Detection Systems, DDoS (distributed denial-of-service) protection, web-application firewalls protection and OWASP (Open Web Application Security Project) protection against vulnerabilities, to name a few.

“For clients of Singapore EXPO and MAX Atria, our existing venue setup is also capable of containing the spread of potentially malicious malware through the partitioning of user groups into virtual LANs served by different RADIUS servers.”


This article was updated on October 11, 2017