9th March 2015
It is stated that human behaviour is a lot less reliable than machine capabilities; therefore it is a lot easier to trick a person than it is to trick a computer.
Within any organisation, procedures and policies must be put in place to protect integrity and maintain security. Statistics reveal that within the last year there were a quarter of a million stolen identities. This shows that cybercrime is REAL and a growing threat to e-commerce and the general public. The realisation of these contemporary issues led Obama himself to state:
“The very technologies that empower us to create and to build also empower those who would disrupt and destroy”.
History of Hacking
In 2013 the payment services industry was the most targeted sector, at 56.3%. This is crucial to the event industry, and organisations need to be alerted that it is an ever-growing threat.
Figure 1 Most Targeted Industry Sectors 3rd Quarter 2013
The timeline below shows the increase in phishing attacks that have occurred over a ten-year period. In addition, there was a reported 87% increase in phishing in 2013, which makes us question where this leaves our security in the future.
What is hacking?
Computer hacking refers to the practice of modifying or altering computer software and hardware to accomplish a goal that is considered to be outside of the creator’s original objective. Computer hacking will involve some degree of infringement on the privacy of others or the damaging of a computer-based property such as web pages, software, or files.
What is phishing?
Have you ever had your personal details, such as usernames, passwords, and PIN numbers, stolen or impersonated? If so, you have been a victim of phishing.
In a recent UK Police operation, it was found that out of the top 10 Google results, 7 were fraudulent websites.
One of the most recurring types of phishing is through hoax emails and links, such as fake emails from your bank which ask you to phone someone and provide your personal details.
Research has shown that 2013 was a record-breaking year for the highest number of phishing attacks launched. Phishing caused $5.6 billion in global losses, and as long as phishing remains successful, cyber-criminals are going to continue cashing in on this method of fraud.
What is hacktivism?
Hacktivism is a new social movement which has been suggested to be a way in which people can participate in global politics. This is done through hacking to communicate their ideas and principles of democracy, facilitating online protests and disrupting the flow of certain information.
This type of movement is not to destroy or sabotage government operations, but the idea is to bring more attention to human rights and the freedom people have.
Hacking has been a contemporary issue within the Event and Hospitality industry within the last year due to attacks on large corporations such as Ticketmaster and Marriott. Cyber-attacks within the industry have become so prominent that the Government are issuing warnings to the general public.
Over half of online ticket sites are being reported as ‘bogus’ causing online scams.
TicketWeb (a sub-brand of Ticketmaster) faced a similar issue in 2012, with customers receiving a phishing email claiming their Adobe Reader required an update. This was the result of their network being infiltrated by hackers. Ticketmaster was unaware of the situation until it was pointed out by customers via Twitter. Ticketing of events has also been targeted by a group naming themselves ‘WiseGuys’. The group hacked into Live Nation’s database, purchasing desired tickets and selling them illegally, making over £25 million. By hiring an experienced hacker from Bulgaria, they created a way to breach CAPTCHA technology.
Figure 3 Example of CAPTCHA Technology
In relation to cybercrime, event-based venues such as Marriott Hotels have also been targeted. In 2013 members of Marriott Reward Club were affected by hackers trying to access their personal accounts and obtain classified details. To prevent this from happening, Marriott promptly contacted all their customers, requesting them to update their passwords to resolve the problem.
These are prime examples of organisations in today’s hospitality and event industry which are being affected by phishing attacks. They show how vital it is to have a solution that protects us against these attacks, especially considering large-scale events and their high-profile clients. Take a step back and ask yourself: how safe is your data?
How Protected Are You?
There are three common factors that lead to a company’s network infrastructure being hacked. These are a lack of education, not updating software and, finally, the use of ‘bring your own device’ (BYOD). However, all of these problems have very simple solutions.
Problem: One of the main reasons phishing attacks are successful is that users ignore software updates. In 2012 Skype found that 40% of adults don’t update their software when initially prompted; furthermore, 75% of those investigated took between two and five prompts before actually carrying out the necessary update.
What software is your company using? How often do you update your software?
Problem: BYOD is used by approximately 67% of workplaces today; this has resulted in 50% of users accessing their email from outside the corporate network. Employees that use BYOD are more vulnerable as traditional corporate network security is not there to defend them from targeted phishing attacks. If the employee is utilising vulnerable outdated software on their BYOD device, the attacker has multiple vulnerabilities to exploit on a device used for corporate activities.
Do you use BYOD? If you do, what protection do you have in place?
Problem: The common denominator of all phishing attacks is the end user; it is believed that the reason for this is the lack of education on the importance of protecting themselves from attacks.
Have you provided any training for your employees concerning computer safety?
Thank you for taking the time to read our blog. Feel free to connect with us @EventHacktivism and comment below.