Whether state-sponsored or rogue, cyber threats from Russia aren’t new. But they are newly worrisome as U.S. officials warn that the Kremlin may be readying a fresh spate of cyberattacks against the U.S. in retaliation for sanctions related to Russia’s invasion of Ukraine. Are events in Russian hackers’ cyber crosshairs?
In March, Biden administration officials warned that they had evidence that Russia may be activating its hacker community in preparation for cyber attacks against U.S. corporate and infrastructure-related targets. The attacks, say U.S. officials, would be in retaliation for U.S. sanctions against Russia in response to the invasion and ongoing war in Ukraine. While Russian officials pooh-poohed the idea, saying they do not engage in “banditry,” there has been credible evidence that Russian-sponsored hackers have been linked to a series of attacks in Ukraine.
But it likely won’t stop there. An article in the Harvard Business Review on cyber security and digital privacy recently stated, “there’s little chance that cyber attacks will be limited to Ukraine. Governments and corporations should closely heed what’s going on there because cyber war can — and has — quickly spread across borders.” The U.S. government concurs. “The Biden-Harris Administration has warned repeatedly about the potential for Russia to engage in malicious cyber activity against the United States in response to the unprecedented economic sanctions we have imposed. There is now evolving intelligence that Russia may be exploring options for potential cyber attacks,” the Biden Administration said in a recent statement, which also includes a list of actions being taken to bolster the country’s cyber protections since the Russian SolarWinds attack last year.
While the obvious targets for Russian hackers would be the energy and finance sectors — the U.S. Department of Justice recently indicted four Russian government employees for hacks targeting hundreds of companies and organizations in the global energy sector in 135 countries in operations spanning from 2012 to 2018 — the ripple effects from a massive energy or financial cyber attack would engulf the events world along with everyone else.
Event Organizers: Be on Guard
And event organizers themselves could find their organizations at a heightened risk for cyber attacks. As MaryAnne Bobrow, CAE, CMP, CMM, of industry consultant Bobrow Associates, Inc., said, “First we had the pandemic which brought out the worst in hackers and scammers who cared not who they were harming. And now, we have purposeful attacks intended to weaken our economic structure. The pandemic was overwhelming for many and with face-to-face events shut down for nearly two years, we forgot to think about cyber security. Now that face-to-face meetings are returning, our old nemesis, pirates, and poachers, are back at work stealing from legitimate room blocks. Most recently, speakers at an upcoming event, myself included, were being targeted to book sleeping rooms at lodging places I’ve never heard of, and it is a city that I am very familiar with. I guess it’s time to dust off my cyber resources again.”
Bobrow, who works with 501(c)(3) and 501(c)(6) organizations, says nonprofits can be particularly attractive targets because many lack the necessary protocols and training on how to deal with these issues. “I work with a nonprofit now that actually contracts with a cyber security firm to test its employees to see if they will fall for a scam,” she says. “Some of them are obvious, but others are very cleverly worded to make you click before you think. Then it’s back to cyber security training to become more educated on the possible attacks.
“This is a good practice to engage in because it makes you think,” she adds. “Did I hover over the link and see where it is sending me? Did I hover over the email address to see if it is actually coming from the address I see? Those are red flags that everyone should be aware of.”
What Makes Events a Juicy Cyber Target
What types of attacks are most likely to target meeting and event organizers? Bobrow says to be prepared for anything. If money or data is involved, the attack could constitute “bogus room blocks, usually from companies claiming to be the event organizer’s housing partner, demanding money paid in advance, but no room is available for you and the hotel never heard of you.” Data is another target, she adds, and meetings have the kind of data hackers want. “Think of meeting lists they want to sell you or gaining access to your credit card information.”
But that’s just for in-person events. Are digital events safer? While cyber attacks on virtual events may not yet be prevalent, “if there is money to be made somehow, they will find a way to target those too,” she said. While meeting organizers are somewhat prepared, the rush to jump into virtual events and new platforms hurrying to the marketplace during the pandemic caused many to forget to carefully review contracts to ensure that cyber security measures were in place and that personally identifiable information was protected by the platforms and vendors, Bobrow says. “Virtual events have registration lists, and money exchanged for registrations, so face-to-face, hybrid, and virtual events need to have security protocols embedded in their contracts.”
Some good resources — including one on Internet Access and Cybersecurity and another on Poaching and Piracy — for event organizers concerned about potential vulnerabilities to cyberattacks can be found on the Events Industry Council website. Bobrow also recommends the free tools and alerts available at https://www.knowbe4.com/, but says there also are many other free and paid options.
“Whomever one chooses, all planning professionals, be they planners or suppliers, should elevate their awareness of cyber security issues and the harm they can and do cause,” Bobrow said.