Understanding the World of Hackers
Most of the news we hear about cyber-attacks these days are concerning large business entities and organisations. However, the threat is also very real for smaller business that could be financially devastated by the fallout and losses inflicted by a cyber-attack. Hackers are becoming increasingly sophisticated in their methods in this digital world and what is more concerning, is that institutions with top-notch security systems, such as banks, have been repeatedly victimised by these type of security breaches.
When it comes to the events industry, from the first moment you opt to collect your attendees’ personal data as well as information of customers and other 3rd parties, your entire event becomes vulnerable to hacking practices. Defining the risks of a potential cyber-attack will later help you select the appropriate solutions for protecting your stakeholders’ data.
Before moving on towards assessing the appropriate solutions for securing your events, are you familiar with the potential hacker’s profile and the reasons behind this illegal behavior?
There are different categories of hackers, depending on their motivations and purposes. Here is a brief explanation to help you get a better understanding of what you should expect from each type:
The Hacker Apprentice
What gets this type going is the feeling of “showing off ” their programming/hacking skills. They are the ones who have been probably learning to write code since their early childhood but aren’t too technically savvy (yet). They can work their way up the cyber-criminal ladder as they get older and more experienced. In many cases, however, most of them will grow out of the hacking phase and move into working in computer -or network- focused professions outside of the cyber-crime field.
What stimulates this category is mainly the financial gains. They usually target login credentials, or trigger users to download malware that could ultimately grant them access to bank credentials. Additionally, spear phishers are commonly after intellectual property and could be part of a larger cyber espionage crew (described in more detail below).
The ”My name is Bond, Hacker Bond” type
This type of cyber-criminal is after information that could possibly create havoc, even warfare. Business information, such as company account details, manufacturing specifications, intellectual property, schematics and so on, are a few assets of what Hacker Bond usually targets.
The “Less Than Perfect Employee” type
The motivation behind this type causing damage to your organisation may vary, it could, however, include revenge, cyber espionage – just for the fun of it, an honest mistake, or equally worryingly pure financial gain.
Just like real world activists take on issues that they believe need to be publicly addressed, hacktivists have a similar mindset, but use digital methods to spread their word – often coming in the form of cyber-attacks. Their motivation could either stem from their goodwill or maliciousness. For instance, hacktivism can be used to attack government policies or just for making a stand.
A key takeaway is that as long as there are data that could be either sold or used to retrieve confidential information, then your event’s stakeholders are running a great risk. When a credit card gets stolen or hacked, for instance, the immediate action is to disable it. But what happens in cases where personal data are stolen, including identity, medical records or financial statements? Chances are you won’t notice until it’s fairly late..
Equally damagingly, hackers can steal information from a company network, either to retrieve something specific through a targeted attack or to steal as much intel as they can via repetitive attacks with the ultimate goal of selling it on the dark web.
The question still remains, however; why would a hacker be interested in an event?
Potential attackers will try to hack your event and steal the data linked to it, as long as they identify potential interest and source of revenue. This is why it is crucial to assess your risk by identifying:
- Who is coming to your event and whether they are high targets for hackers
- What is the event type and the privacy level of the data related to it
- Where is your event taking place, looking at location and country
- What is the theme of your event and why would that be of interest for hackers