International Congress and Convention Association #ICCAWorld#HoustonLaunch
About Cyber, GDPR
& You
Guy Golan, CEO Performanta
LinkedIn: https://www.linkedin.com/in/guygopurple/
guy.golan@performanta.com

Let’s start by asking few questions
VS
VS
VS

Your identity is not about who you are,
It is about protecting what I don’t want to lose

Why?

Ransomware: Sophisticated and Stupid
Wannacry

We are currently in the Wild West
Nation State
attacks
Organised
Crime
Industrial
Espionage
Hactivism
For Profit
For Cause

Cyber Criminals

• Might be as simple as money
• It can be your access
• Maybe your company’s IP
• Maybe your best friend’s business
• Your son’s best friend’s dad’s access to business
Bottom line: The bad guys will do whatever it takes to get to where they need to.
The bad guys have ulterior motive

What are the possible consequences?

• Have known keynote
• Concentrate all professionals in one place
• Easy to connect
• Easy to exploit / to target
• Would use as a vehicle for the next target
• Reconnaissance
• Very digital (Wi-Fi, cell phones, Apps)
Why events are a good target?

My digital footprint. Circles of exposure

Cyber Security is the true reflection of physical security.
Not always the other way around though!

Profiling – a story about Tanya
Your digital footprint?

Lateral Movement
colleague Target
Same System

Dwell time
Dwell Time
• Over 200 days
• Marriott’s was over 4 years!
• They collect information when you least expect it

The Web

WiFi

There is seriously a good chance that
you are just a means to an end
and/or collateral damage

Unique opportunity for you to think like a hacker!
• You have a big event in a convention centre
• The event is about tourism into a new destination
• Keynote – Minister of Tourism
• 50,000 delegates
• I want to make a statement and disrupt the keynote’s presentation
• Take 5 mins and write 5 steps to do that. Try be as chronological as possibly can.
• One more thing – believe that anything is possible!

The Cyber Kill Chain

Digital Footprint

Aviation brought us safety
How about Cyber Security?

What’s your password?
• Your Family member?
• Your name or last name?
• Important year?
• Big event?
• Pet?
• How many passwords do we have?
• Same password for different
applications?
• Write it somewhere?
• How about giving it to someone?

What do need to do?
Avoid Actions required

Avoid Actions required
Clicking
Temptation
Sharing for no reason
Awareness and vigilance
Password Management
Call back rather than respond
High profile
High exposure
White listing of people
Where you are
Awareness and vigilance
Children awareness
Cyber Bullying
Think beyond myself
Keeping it to yourself
Sharing because you trust
Be transparent if something went
wrong
What do need to do?

Summary – My company
• Great chance you’ve been hacked. If not it’s because you are not lucrative enough
• Business drive is critical – that’s the way you will protect your assets
• Know - People abuse data (Either maliciously or ‘just tried to do their job’)
• Scare tactics can only happen if you do not know what to protect
• Budget might be an issue. Spend the funds wisely
• Cost of breach would be 15x more than preventative measures
• Employ or nominate someone dedicated. Use the industry
• Great chance you’ve been hacked. If not it’s because you are not lucrative enough

Alignment to business must be natural

Summary – To Do
• Understand what you want to protect
• Bring security as close as possible to your business - alignment
• Build Cyber Strategy aligned with your business
• Demand protection:
• Secure registration
• Secure transfer of information
• Adherence to privacy regulations
• Adherence to payment regulations
• Segregation of duties
• Enforce protection / Engage with Cyber Experts
• Separate your back office from client facing activity
• Make sure WiFi is separated between participants and the organisers

Summary – Me and My Family
• Security is a topical mater in real life: me, my family, companies
• Think physical security. It will help you immensely
• Remember – it is not all about yourself
• Manage your passwords – Sentence long is great
• Never share your password
• Minimise your digital footprint
• Do not click on the link
• You did not just win $10m
• Call back is best
• Think beyond Yourself. There is impact on others close to you

Questions?

Provide your session feedback via
the ICCA Meetings App and
help us to shape next year’s
education programme!
Join the online
conversation with the
#ICCAWorld
#HoustonLaunch
International Congress and Convention Association #ICCAWorld#HoustonLaunch

International Congress and Convention Association #ICCAWorld#HoustonLaunch
Thank you!