Light Dark
August 3, 2016 By Security Intelligence Staff 4 min read
Data Protection
Risk Management

Authored by Theresa Payton, CEO, Fortalice Solutions LLC and former White House CIO.

In the wake of the violent attack on Bastille Day in Nice, France, and recent other events, it would be negligent to think of physical security and digital security as two separate entities. At the White House, we discussed in great detail that an event cybersecurity strategy must dovetail physical and digital security together and that a one-sided approach was doomed to fail.

It is no secret that large crowds and popular events, especially those with controversial topics or provocative speakers, are a target for ne’er-do-wells. Thankfully, there are a host of proven strategies and tools that can help you manage a proactive and dynamic security strategy and, if the inevitable breach happens, an effective recovery effort. If you leverage these strategies and tools, you can improve the digital and physical security of the guests of the event.

There is not a specific or single recipe for success. Rather, you must first define what you are protecting, brainstorm the various threats targeting your event and then conduct a risk/reward analysis to prioritize resources on your digital and physical security strategy.

Open Source Intelligence

An area often overlooked and widely misunderstood is the use of open source intelligence, also known as OSINT, as part of the overall event cybersecurity strategy.

When you target your own organization as if you are the adversary, you can identify the information leaking out of your vendors’ connections to your data or through your own technology before cybercriminals use that same intelligence to launch an attack against your organization.

Digitally, you can use OSINT tools to identify everything you can about the technology and people that work at your organization. You can also use OSINT to see if your sensitive data has leaked online.

Physically, you can use an OSINT technique to digitally geofence a specific and physical land area and monitor the digital traffic that mentions or occurs in the location. In the case of fighting terrorism, private sector companies and law enforcement can geofence critical infrastructure, significant events and venues, and then monitor to identify terrorist capabilities, sympathizers, motivation, flashpoints and intention through various OSINT tools.

Top Targets

When thousands of people converge into cities, including presidential candidates, notable politicians, major donors, etc., several cybersecurity concerns arise. What’s worth stealing digitally? To most cybercriminals, if it’s digital, it’s worth taking. Many assets are valuable, but the top three targets at a large event are:

  1. Finding the schedules of notable people and their security detail assignments;
  2. Being able to spoof or fake credentials online or in person; and
  3. Stealing personally identifiable information (PII) or the right credentials to access payment information and bank accounts.

Cybercriminals: Modern-Day Bank Robbers

The guests that arrive to attend a festive event, conference, convention or just enjoy a national holiday want to connect so they can stay in touch with loved ones, post on social media and more. This strains the infrastructure and leaves it vulnerable.

Political conventions, for example, don’t just hop onto a public network; they couldn’t leave it to fate that they’d have enough bandwidth or security. They work with various vendors to set up their own infrastructure for the event so they can monitor, protect and ensure a successfully promoted party convention.

As today’s conventions are more complex, so are today’s campaigns. Never before have they collected so much essential information that would be lucrative to so many cybercriminals. The same goes for conferences, concerts, sporting events and more. Credit card numbers, bank account information, addresses, online identities — the list of valuable assets go on and on.

Cybercriminals are just like bank robbers in the old days: They follow the money. That is why in this day and age, if you are running a large public event that draws thousands of people, whether it be at the state, national or local level, you need to be as vigilant about protecting data as any business. Otherwise, you will lose your customers.

Whose Job Is It Anyway?

Venues and cities typically handle increased demand for cellular and internet services quite competently, but often the idea that the traffic must be protected as confidential and sensitive is seen as someone else’s job. But just whose job should it be?

You aren’t going to like the answer: It’s your job to protect the traffic and its contents as confidential and sensitive. It’s also your job to have a security plan that is both digital and physical. Fundamentally, you cannot assume that safety is someone else’s job.

Event Cybersecurity Checklist

Over the course of my career, one thing rings true over and over again: A breach is inevitable, but how you plan to respond to one is not. If you create and store data, there will be cybercriminals waiting to copy it, take it, post it, ransom it or destroy it.

The answers to these five key questions will help you define your event’s security strategy checklist:

  1. Do we or does a third-party track our organization, physically and digitally (like an adversary would), using open source intelligence techniques?
  2. For large physical events or concentrated places of work or travel for our executives, have we set up geofenced locations, and do we monitor for chatter or traffic that could be targeting the people at the event or our critical data?
  3. Have we defined the top two assets that would destroy us if they were stolen or compromised? Have we made sure all human and technology processes ask about those two assets first?
  4. What’s our worst digital and worst physical nightmare? Do we have a disaster plan to address these?
  5. When is the last time we got all relevant parties together to conduct a tabletop exercise against our worst nightmare? If there are multiple stakeholders, do we have a simple, straightforward memorandum of understanding or agreement in place to define roles and responsibilities?

Offensive strategies with defensive mitigating controls work. A purely defensive strategy is a losing strategy. For every defense you put in the path of a cybercriminal, they will find a way to get around it to grab the data.

 |  |  | 
Security Intelligence Staff
Security Intelligence Staff

More from Data Protection
March 27, 2024

3 Strategies to overcome data security challenges in 2024

3 min read - There are over 17 billion internet-connected devices in the world — and experts expect that number will surge to almost 30 billion by 2030.This rapidly growing digital ecosystem makes it increasingly challenging to protect people’s privacy. Attackers only need to be right once to seize databases of personally identifiable information (PII), including payment card information, addresses, phone numbers and Social Security numbers.In addition to the ever-present cybersecurity threats, data security teams must consider the growing list of data compliance laws…

March 12, 2024

How data residency impacts security and compliance

3 min read - Every piece of your organization’s data is stored in a physical location. Even data stored in a cloud environment lives in a physical location on the virtual server. However, the data may not be in the location you expect, especially if your company uses multiple cloud providers. The data you are trying to protect may be stored literally across the world from where you sit right now or even in multiple locations at the same time. And if you don’t…

March 5, 2024

From federation to fabric: IAM’s evolution

15 min read - In the modern day, we’ve come to expect that our various applications can share our identity information with one another. Most of our core systems federate seamlessly and bi-directionally. This means that you can quite easily register and log in to a given service with the user account from another service or even invert that process (technically possible, not always advisable). But what is the next step in our evolution towards greater interoperability between our applications, services and systems?Identity and…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature