Music Festivals and Cyber Attacks.
The risk of cyber-attacks in all aspects of society is ever increasing and music festivals are no expectation to this. Cyber-attacks can take many forms and is usually conducted with financial crime as the objective. What are the key aspects of this phenomenon that festival organisers need to be aware of?
Cyber-attacks on music festivals are nothing new with previous attacks on Tomorrowland, leading to the details of 64,000 ticket buyers being hacked, and Coachella getting over 1 million customer records hacked. Attacks usually focus on obtaining festival-goer data or ransom demands on event organisers by attacking its infrastructure. It’s not only online websites that can be vulnerable but increasingly Wi-Fi attacks on wireless networks and routers on festival sites.
Festival and Ticketing Website Attacks.
Attackers have been known to create ‘evil twin’ websites that appear like the genuine event site but are fake and fraudulent. Many unsuspecting festival-goers respond to phishing emails that direct them to such websites by offering cheap tickets and free merch for example. Their sole aim is to collect payment data from credit cards or other personal information including passwords, they may also infect devices with malicious software or ransomware.
On site Wireless Networks.
Every remote music festival site will employ the services of a telecoms company to install a tower to provide site wide Wi-Fi. These networks can be very vulnerable to cyber-attacks where thousands of mobile devices are simultaneously trying to connect. Attacks can target festival-goer's devices to obtain their personal data. On rare occasions attacks are made on the organiser’s network that controls essential operating systems threatening to take down services, such attacks usually come with a ransom demand.
Festival organisers should ensure that they have up-to-date protection in place with sufficient cybersecurity measures that include the protection of both their physical and digital universe. Anyone responsible for a festival's IT infrastructure should ensure that they follow best practice for software security measures including proper authentication and secure data storage to prevent data leakage. All systems need to be regularly tested for vulnerabilities by using white hat hackers who can exposes any weaknesses in security.
If a festival organisation is using a third-party ticketing company it is essential to conduct due diligence on their preparedness for cyberattacks. Ticketing companies are the most likely target of attackers because they are collecting a large number of payments and present the biggest financial risk. This is key for organisers as it is their festival customers who are at risk, ticket buyers won’t blame the ticketing company but the festival organisers, should they become a victim. All suppliers used by festivals should be asked for details of their security software arrangements and if necessary, record this for reference. For telecoms suppliers ask about their ‘security fabric’ which ensures the network has internal segmentation firewalls with integrated security tools and sensors deployed across the environment. This approach can detect and filter out attack traffic and prevent criminals from exploiting mobile application vulnerabilities.
As many music festival organisations only have limited IT resources it may be worth considering using a cybersecurity specialist company to audit everything on a regular basis and ensure that any protection measures are current.
For festival organisers planning their events using a software management platform like Festival Pro gives them all the functionality they need manage every aspect of their event logistics. The guys who are responsible for this software have been in the front line of event management for many years and the features are built from that experience and are performance artists themselves. The Festival Pro platform is easy to use and has comprehensive features with specific modules for managing artists, contractors, venues/stages, vendors, volunteers, sponsors, guestlists, ticketing, cashless payments and contactless ordering.
<< Back to articles