Cybersecurity and events – new challenges for the industry!

Behind the digital scenes: The impact of cybersecurity on event organization

Securing the spotlight: How cybersecurity is transforming the events industry ahead of the Paris 2024 Olympics

In the run-up to the Olympic Games, cybersecurity issues are multiplying all the time, and our customers are asking us more and more about these subjects: security documents to be completed, intrusion tests, etc.

When asked whether a particular site or event is at risk, the answer is unfortunately always yes. Thanks to our monitoring tools, we observe almost daily intrusion attempts across all the domains we manage. These cyberthreats are not necessarily targeted at us or the events we host; they are usually initiated by opportunistic bots looking for known vulnerabilities in any system.

Network alert: Preventing cyber attacks in major events

So we need to be vigilant at all times, and take a proactive approach to protecting ourselves and our customers’ data. With this in mind, we have been running penetration tests on our systems for several years now, and took the initiative of obtaining ISO 27001 certification in 2023. The certification helped us mature and strengthen our internal procedures, our choice of partners, and our risk management.

Raising employee awareness and training on cyber attacks

A large number of successful attacks do not rely solely on the discovery of vulnerabilities, but rather on “social engineering”: phishing, extracting information from an insider, and so on. One of the weakest links in the system is the human element, so all employees need to be made aware of the risks (as well as good practices in terms of privacy and GDPR).

It’s also important to limit password risks on event platforms:

  • no reuse
  • no weak passwords
  • no passwords written on Post-it notes…

=> make password managers the norm, and promote the use of SSO* to eliminate the need for passwords everywhere. In fact, we encourage all our customers (event agencies or advertisers’ communications departments) to use their SSO to connect to the back office (or to event sites for in-house events).

*Single sign-on (SSO) is a session and user authentication service that allows a user to use one set of credentials (e.g. name and password) to access multiple applications. SSO can be used by businesses, small organizations and individuals to reduce the burden of managing various usernames and passwords.

Implementing good development practices: the OWASP Top 10

Developers and designers should also be made aware of the most common risks, including the OWASP Top 10.

We always seek to work with secure partners and proven libraries (for example, to block SQL injections).

This also involves monitoring vulnerabilities in dependencies: a vulnerability may be discovered in a dependency that previously had no known vulnerabilities, in which case it needs to be updated.

Identify, classify and treat risks

This is one of the key points that ISO 27001 has enabled us to work on: taking the time to clearly list all the risks (to security or to the availability of our services), to put countermeasures in place, and to test them.

A backup (for data) or a plan B (in the event of a crisis) is only of value if it’s been tested and you’re confident that it will work. If you have to restore a backup only to find that it’s been empty for months, it’s too late.

Carry out security audits and penetration tests

No matter how well we plan, zero defects is rare. Bugs can exist, and we have to actively seek them out.

The pentests we carry out are always a rich source of information, both on where we’ve succeeded (where the pentesters haven’t managed to do anything) and on where there’s still room for improvement.

If you’ve never had a pentest performed, I urge you to do so quickly: perhaps your system is already very secure (and I hope it is), but you may also be in for some surprises…
The methodology used corresponds to the types of attack you’re likely to experience, so anything that can be discovered is good to patch.

For your security, the event CRM you urgently need

With AppCraft’s CRM platform, bring all your tools together in one place and create a seamless event experience for your attendees, guests and exhibitors. You can seamlessly manage registrations, participants and content.

AppCraft, a safe solution

Your corporate event deserves a standing ovation, not a cyber-intrusion!

  • We are ISO 27001 certified.
  • Methodical compliance with GDPR.
  • Our developers and servers are located in France, ensuring that your data is protected by French and European legislation.
  • Secure login with SSO or individual login and password.
  • Regularly audited by Synacktiv and Orange Cyberdefense.
  • AppCraft is open to penetration testing by your IT departments.