black hat
Share this post:

Nowhere is Safe … Or Is It?: Cybersecurity in the tradeshow and event industry

by Amadeus Finlay

We live in an interconnected global network driven by technology and the exchange of data. Every day, this community (of which the tradeshow and convention industry is a part), processes an average of 2.5 quintillion bytes of digital information; or, roughly the memory capacity of 78 million laptops. But this is just a sliver of a much larger pie. Seventy percent of the globe’s GDP has undergone digitization, which means almost everything that signifies and governs modern society is stored in an intangible, and potentially, highly vulnerable form somewhere in the digital ether.

The benefits of a highly organized, rapidly accessible network of information are obvious and well documented, but having so much of our existence tied up in a cloud has also resulted in a dangerous, predatory world where nothing is truly safe. According to Statista, 4,100 data breaches occurred in the United States in 2022 alone, exposing almost 22 billion records to malicious agents across the world. And of all the industries that these malicious agents go after, the tradeshow and convention industry is one of those vulnerable to attack.

Events and conferences are prime targets for cyber criminals,” explains Tom Shanley, senior vice president of technical services at SmartSource, due to there being many attendees connected to Wi-Fi with limited or no security measures, utilizing mobile devices with sensitive data, usually in the form of email.

Events and conferences typically have many presenters with bifurcated internet,” continues Shanley, and as a result, hackers targeting events typically do not target the entire event and instead focus on those presenters or portions of the show with the weakest cybersecurity measures.”

Which means each event requires extensive preventive work to identify, patch and protect the areas where cybersecurity is at its weakest long before the show floor even opens. 

Think of cybersecurity as a football match where one side wants to find ways to keep data under lock and key, while the other wants to access and utilize all data, regardless of intent or ownership. When one side finds a solution that stops the other, the response is a new approach to hacking. Which requires a whole new set of solutions to prevent it, and it never ends. 

It all comes down to data. On the one hand, data is information, the locks and keys to what matters to us all. But data can also mean power, and power in the wrong hands can lead directly, and swiftly, to corruption. In the tradeshow and event industry, the data that we handle is often highly sensitive (think bank statements, invoices, credit card information, designs that cannot be released) and if any of it got leaked or stolen, the repercussions could be serious. 

Which means intelligent data management is one of the most important operational aspects for a contemporary business to keep in mind, not least those operating in the tradeshow and event industry.   

Organizations will be forced to look for new approaches to manage unstructured data [ie, data that is not well organized and not every item is accounted for, making it vulnerable to abuse],” comments Carl DHalluin, CTO, Datadobi, a global player in unstructured data management and data security solutions. 

Many have already noticed that the pace of unstructured data growth is snowballing exponentially faster than it has in the past. This leads to increased costs, as companies have to buy more storage, and the introduction of risk, as the organization has less knowledge about the data as it ages in its network. Organizations need new solutions to minimize the financial impact and risk their business faces.” 

In short, businesses can ill afford to ignore the vital importance of cybersecurity and structured data management in their daily operations, as Steve Leeper, vice president of Product Marketing at Datadobi, made very clear in a recent press release:

In 2022, unstructured data will play a pivotal role in the success of an organizations environmental, social and governance (ESG) policies. A recent PwC report found that more than 80 percent of individuals are more likely to buy or work for an organization that stands for ESG best practices.”

Sounds complicated, and it is. But this does not mean we are powerless to act. Businesses and organizations, but also individuals, have the ability to understand and update their IT practices. 

Think about the last time you traveled for a job. How many times did you go online? How many different networks did you use to get online? How many times did you access sensitive data on that job? Without realizing it, you exposed yourself to the world in many different ways, and you were vulnerable every single time. 

You dont need to be a high-ranking member within an organization to be at risk for cybercrime,” Shanley explains. Cyber criminals generally target users, computers and networks for monetary gain.”

However, in many cases these criminals simply aim to damage a companys network for reasons other than profit. To do so, more often than not the first breach of an organizations data occurs through the infiltration of a users email, computer or mobile device while connected to Wi-Fi. 

So, what should businesses do?

Ensuring all of your devices and applications require multi-factor authentication should be a baseline security practice for both corporate and public events,” continues Shanley. Attendees should always restrict open file sharing and be wary of public Wi-Fi connections, favoring the use of a VPN [Virtual Private Network].”

There is some debate about VPNs. While VPNs certainly hide your identity to an extent and make it harder to be a target, that technology is not as robust as it’s thought to be. 

VPNs are buggy,” explains Don Boxley, CEO and Co-Founder, DH2i, a California-based IT storage and security firm.The performance has always been spotty and, of course, the security issues are there. It allows for fast and easy lateral network attacks from bad actors.

In 2023, I predict that SDP will finally pull ahead of VPNs as the dominant technology for remotely connecting people and devices,” continues Boxley, but cautions that, one of the most critical drivers here will be awareness and acceptance.”

The industry also needs to be cognizant of the meteoric rise in the use of ransomware, a data hack that results in financial blackmail for the owner to recover the data without it being leaked.

Surya Varanasi, CTO of StorCentric, a secure data management provider in Sunnyvale, California, goes into further detail on the persistent and growing threat of ransomware:

Ransomware will become increasingly aggressive—not just from a commercial standpoint, but from a nation-state warfare perspective as well. For this reason, channel solutions providers and end-users will prioritize data storage solutions that can deliver the most reliable, real-world proven protection and security. 

Features such as lockdown mode, file fingerprinting, asset serialization, metadata authentication, private blockchain and robust data verification algorithms will transition from nice-to-have, to must-have.”

But please, do not worry. Awareness is the first step in any battle, and when it comes to cybersecurity, the second step is complex passwords for critical applications that you regularly reset. The third, arguably, is paying attention to, and attending, industry events such as Global Security Exchange (GSX), DEF CON, which will be celebrating its 30th anniversary when it comes to Caesars in Las Vegas, August 10–13, and Black Hat, held in the Mandalay Bay Convention Center the week prior. The tools and knowledge are there.

If we as professionals in the tradeshow and event industry keep abreast of the challenges surrounding cybersecurity, data management and the threat of ransomware, the frontline battles will start to swing in favor of those fighting the good fight, ensuring that you, your business, your clients and, most importantly, your loved ones are kept safe from the dark side of the internet.

  • Superior Logistics

Related Stories

Trending Now

  • Employco