Warning Against Security Risks Associated with Virtual and Hybrid Events
The COVID-19 pandemic hit a severe blow to the event industry. The coronavirus was spreading
at a scintillating pace as the people gathering at events were infecting others in large numbers. It
mandated the cancellation of all the events and meetings worldwide and forced people behind
Even in these testing times, the tech industry was quick enough to comprehend the situation. The
industry derived the solution in the form of virtual and hybrid events. In no time, organizations
embraced these solutions and switched their events and meetings to virtual platforms.
Virtual platforms propelled event developers to innovate, create, and organize events that people
can attend from their homes. These events also opened doors for the attendees to connective with
their peers. Suddenly the pandemic became a great learning and growing opportunity for
businesses and individuals. Virtual platforms not only saved but also rejuvenated the event
On the flip side, these remote events also became the center attraction for cybercrime. Virtual
platforms created in a rush had several vulnerabilities that sparkled the eyes of the attackers.
These platforms entered a blind quest of scaling up to meet the exponentially growing demand.
In this sprint, they failed to ensure the security and privacy of the users.
Firstly, all the users entering the event in various capacities willingly gave away their personal
and professional details. They intended to grow a community of like-minded people and offered
their information across the entire network. This data becomes the vein of gold for
cybercriminals. Many people have shared their experience as they experienced some erratic
behavior and uninvited guests within the virtual platforms.
Many platforms organizing live chats allot an attendee ID and forget to hide it in the chat room.
These IDs are visible in the chat rooms revealing their names, companies, position, contact no,
location, IP address, etc. Some virtual platforms deliver a better networking experience by
allowing users to edit their profiles. Due to lack of authorization checks, users could also edit
other’s profiles by simple tweaks in the IDs.
There were options to change the profile picture in the platform that allowed uploading scripts.
The presence of such options makes the platform vulnerable to remote execution of malicious
web scripts. Such platforms served the vulnerabilities to the attackers on a silver platter. It
elevated the risk of cross-scripting, cookie stealing, and impersonation.
Some platforms even failed to hide their database errors, inviting attacks through time-based
SQL injection. Bad actors could easily invade and control the database server and website.
Privacy breaches, data theft, data misuse, direct database access, and remote code execution are
some serious threats for users of virtual event platforms. It puts the audience, speakers, sponsors,
and organizers in jeopardy. For many businesses and individuals, these are high-risk threats and
can mean the end of the world.
Taking lessons from the experience, virtual and hybrid event platforms and service providers
have learned a lot in the past year. They have evolved significantly and have fixed many of these
issues. They are providing better-secured services and can even optimize based on your
However, these risks must not stop you from reaping the benefits of these remote events and
collaborate with your peers and the larger community. While virtual and hybrid event developers
are maturing, it is time for user organizations to do their bit. They must have an internal IT
security team to evaluate the platforms and determine whether or not they should be used.