The FTC Steps Up to Protect the Conference, Meeting, and Expo Industry from (AI-Driven) Cyber Threats, Learn Your Role
The Federal Trade Commission's recent ruling empowers legal action against fraudulent use of event names, logos, and trademarks. This law is a significant step in offering legal recourse against (AI-enhanced) scams, enabling financial penalties and court cases against perpetrators.
These crimes were an issue before generative AI tools, like ChatGPT, Gemini, CoPilot, Midjourney, etc. came on the scene. In an era where generative AI tools can craft convincingly realistic content, the conference, meeting, and expo industry faces novel cyber threats.
Phishing schemes, deepfakes, and counterfeit event websites are just a few examples of how cybercriminals can exploit AI technologies to deceive and defraud organizations and end-users.
Understanding the Potential Threats
1. Phishing Attacks: Cybercriminals use generative AI to create personalized, well-written, authentic-looking phishing emails that mimic legitimate communications from event organizers, tricking recipients into divulging sensitive, personal or financial information.
Attendees often receive phishing emails that appear to come from the event planners with the goal of enticing them to interact with a call to action, such as reserving a hotel room, registering for the event, etc. with links that could contain malicious links, malware, viruses, and more.
2. Deepfakes: AI-generated videos or audio clips that convincingly mimic public figures, event planners, or executives could be used to spread misinformation or fraudulent invitations to events and issues malicious acts perpetuated by the cybercriminal.
3. Fake Websites and Promotional Materials: Generative AI can allow cybercriminals to design websites and marketing materials that replicate the look and feel of genuine event pages, leading to fraudulent ticket sales or registration fees, or fradulent solicitation of vendors or sponsors.
Consistent communication focusing on preventative tips and educational content will help event organizers stay ahead of potential scams, frauds, and crimes affecting the industry.
The plan should include informative videos, articles, social media posts, emails, etc. It should be done in a manner not to instill fear, but with a partnership perspective to stay safe together, to enjoy and get the most from the event.
Preventive Measures and Best Practices
1. Implement Advanced Cybersecurity Measures: Work with the IT team to insure the use of AI and machine learning-based security systems to detect and respond to phishing attempts and unauthorized use of digital assets.
2. Educate Your Community: Regularly inform stakeholders; including event attendees, staff, association members, and contractors, about the risks of AI-generated scams and teach them how to recognize and report suspicious activities.
Hold expert-led workshops and webinars on a regular basis. They should be interactive and assess the skills learned. Investigate certification programs that may be able to reduce risk and liability in conjunction with your risk management and insurance team.
3. Legal Protections: Ensure your intellectual property is legally protected. Use trademarks for your event names and logos, and monitor the internet for unauthorized use.
4. Verify Before Trusting: Establish a protocol for verifying the authenticity of communications, especially those that request personal information or payments.
You should create a Standard Operating Procedure/SOP contact sheet with authentic contact information that should be used to verify any correspondence received that may be suspicious.
When directing participants to question emails, phone calls, or content, they should be advised not to respond directly but to contact personnel from the SOP contact sheet.
5. Shore up cybersecurity practices right now, starting with:
1. Password/passphrase/passkey hygiene
2. Implement two-factor authentication
3. Schedule automatic security updates
4. Establish firewall, anti-virus, etc.
5. Get cyberinsurance that covers all potential scopes of risks based on your event, industry, and practices.
Industry Call to Action:
Empowerment Through Expert-Led Training
To proactively protect against these evolving threats, it's imperative for all parties involved in the conference, meeting, and expo industry to engage in expert-led cybersecurity training on a regular basis. Understanding the capabilities and limitations of generative AI, along with actionable cybersecurity practices, is crucial in preparing for and mitigating potential scams and frauds.
The industry must remain vigilant, adopt both technological solutions and informed human judgment to navigate the challenges posed by AI-driven cyber threats.
My goal is to implement AI cybersecurity action plans, safety policies, and training programs to protect upcoming events.
