By Mary Tucker, Sr. PR/Communications Manager, IAEE
Last week, the Center for Exhibition Industry Research (CEIR) presented a webinar, Emergent Cybersecurity Update: Trends, Threats and Solutions, hosted by CEIR CEO Cathy Breden, CMP, CAE, CEM and featuring Dr. Jennifer Hesterman, Vice President of Business Resiliency at Watermark Risk Management International.
Hesterman is a retired Air Force colonel, serving three Pentagon tours and commanding in the field multiple times. Her final assignment was Vice Commander, Andrews Air Force Base, Maryland, where she led installation security and protection of Air Force One, force support and the 1st Helicopter Squadron. She is the recipient of the Legion of Merit, the Meritorious Service medal with five oak leaf clusters and the Global War on Terrorism medal, among others.
Hesterman provided valuable information on industry disruptors at last year’s CEIR Predict Conference and her latest presentation provides an update on the current threat environment that companies need to consider.
Just about everything we do today is done through digital means. While we appreciate the speed and convenience technology offers, we must also be mindful of potential security threats and stay on top of how to avoid and/or diffuse them. Hesterman illustrates using the visual of a stormy ocean.
“There is so much happening; there’s conflicts happening, there’s new actors on the scene, there’s new apps being exploited, new ways that the actors exploit us, so it’s really a perfect storm for cybersecurity,” she says. “But there’s a glimmer of hope, there’s a lot we can do.”
The most current cybersecurity threats – phishing, network intrusion, inadvertent disclosure, stolen/lost device records and system misconfiguration – are equally threatening to organizations across the world. The many ways in which a bad actor can infiltrate an organization means that every team member must have an understanding and exercise proper precautions when it comes to opening the door to cyberthreats.
In 2021, the damage caused by ransomware alone was $20 billion according to research experts Cybersecurity Ventures. By 2031, the company projects the damage will rise to $265 billion with ransomware expected to attack a business, consumer or device every 2 seconds (as opposed to every 11 seconds in 2021).
In addition to phishing and ransomware, other cyberthreats include hacking, imposter scams, environmental events and malicious insiders. All of which threaten what the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) calls the “CIA Triad,” an organization’s Confidentiality (the protection of information from unauthorized access and disclosure), Integrity (protecting information from unauthorized modification) and Availability (preventing disruption in how information is accessed).
How do we protect ourselves from the seemingly endless line of threats? Hesterman provides detailed explanation of the NIST Cybersecurity Framework that can be adapted to many technologies, lifecycle phases, sectors and uses including the private sector, academia and public sector:
- Identify. Develop organizational understanding to manage cybersecurity risk to systems, assets, data and capabilities. What are you trying to protect?
- Protect. Develop and implement the appropriate safeguards to ensure delivery of services. Create a culture where everyone “does” security.
- Detect. Develop and implement the appropriate activities to identify the occurrence of a cybersecurity event.
- Respond. Develop and implement the appropriate activities to take action regarding a detected cybersecurity event.
- Recover. Develop and implement appropriate activities to maintain plans for resilience and restore any capabilities or services impaired due to a cybersecurity event.
In addition, she provides integral solutions to identify and effectively deal with an insider threat and implementing “converged security” (the formal collaboration between disjointed security functions).
After all, despite the great amount of technology that surrounds the way we live and conduct business, there are still people involved. And people, unfortunately, are the weakest link in cybersecurity. However, Hesterman notes that an informed person can also be one of the strongest defenses against cyber criminals.
What does this mean for exhibition organizers? As Hesterman demonstrates, the same precautions taken by individuals and organizations can be applied to exhibitions and events. View the complete webinar, Emergent Cybersecurity Update: Trends, Threats and Solutions, to learn how you can protect yourself, your organization and your exhibitions from the latest cyberthreats.