Cyber security for high profile conferences

Summary

This NCSC guidance extends its Major Events advice to cover cyber security for high-profile conferences, addressing both physical and virtual risks. It explains how to assess threats based on event topic and attendees, and recommends controls for identity and access, denial of service resilience, supplier assurance, website protection, handling bulk personal data, and on-site network risks. The guidance emphasises independent assurance (standards, penetration testing), secure design and the need to plan and test incident response.

Source

Source: https://www.ncsc.gov.uk/guidance/cyber-security-for-high-profile-conferences

Key Points

  • High-profile conferences are attractive targets; assess threat level based on topics and attendee profile.
  • Strong identity checks and multi-factor authentication are recommended (especially for presenters); use virtual lobbies and active moderation.
  • Design services to be resilient and scalable against denial of service; request upstream ISP mitigations and separate bandwidth for critical functions (eg livestreaming).
  • Mitigate insider risk by using trusted personnel and suppliers, and by logging actions for accountability.
  • Ensure administrators use managed corporate devices and follow mobile device guidance.
  • Protect websites and portals against defacement and common web vulnerabilities (use OWASP guidance, WAFs and secure development practices).
  • If collecting bulk personal data, follow NCSC protecting bulk data guidance and secure design principles.
  • Assess venue risks: segmented Wi‑Fi, patched infrastructure, network monitoring, backup plans (eg wired connections), and protection of building management systems.
  • Gain assurance from suppliers using Cloud Security Principles, independent certifications (Cyber Essentials, ISO 27001), and pre-event penetration testing; consider NCSC Active Cyber Defence where appropriate.
  • Create, test and exercise an incident management plan; engage internal security teams early and contact NCSC for very high-profile events.

Context and relevance

Conferences increasingly mix physical and virtual elements and can concentrate sensitive personal or sector-specific data. A cyber incident at a high-profile event can cause major disruption and reputational damage, so organisers, venues and suppliers need proportionate, evidence-based security. This guidance aligns with wider trends emphasising supplier assurance, resilient infrastructure and explicit planning for DDoS and identity-based threats.

Why should I read this?

Short version: if you organise, supply or run tech for conferences, this saves you from getting blindsided. It tells you where attacks usually hit (IDs, Wi‑Fi, livestreams, suppliers), what to ask suppliers for, and the must-do checklist so your event doesn’t become a headline for the wrong reasons. Read the checklist, sort MFA and bandwidth, and test your incident plan.

Practical checklist (quick skim)

  • Engage security early; contact NCSC for very high-profile events.
  • Read the Major Events guidance first; identify event-specific threats.
  • Define top-level security requirements before appointing suppliers.
  • Understand hosting, architecture and third-party use; demand assurance and pen tests.
  • Segment guest networks, reserve bandwidth for critical services and monitor traffic.
  • Inventory and secure any networked building systems; apply physical and personnel protections.
  • Create and exercise an incident management plan; ensure contact points are set up.

Author note (punchy): Act early, insist on evidence from suppliers, segregate networks and don’t treat venue Wi‑Fi as an afterthought.
