COP26 | CyberLab Success Stories
Identity Events Management, the agency contracted to deliver the 2021 United Nations Climate Change Conference (COP26), needed to ensure that their defences were secure for the conference.
Identity Events Management, the agency that was selected to deliver United Nations Climate Change Conference (COP26) in Glasgow had to facilitate over 40,000 on-site attendees including world leaders, government representatives, businesses, citizens, and the media.
Identity developed and delivered ‘the largest and most complex hybrid event solution the world has seen,’ as well as providing a dedicated team to deliver exhibition organisation and build services to over 180 countries.
As the largest event ever staged by the UK Government, COP26 extended beyond governmental meetings and negotiations to include press conferences, working spaces, a full media centre, bilateral rooms, a film screening amphitheatre, expo-style areas, and exhibitor zones.
With so many high-profile delegates attending and important climate discussions taking place, it was imperative that their cyber security was tested thoroughly, and without impacting the experience of the delegates.
To provide assurance to both internal stakeholders and the Cabinet Office security team, we decided on a two-pronged approach including phishing simulations and penetration testing the event platform.
Our team of expert consultants developed a comprehensive penetration testing plan specifically for the COP26 digital platforms, beginning with an external unauthenticated penetration test.
When running unauthenticated penetration tests, we do not provide our penetration testers with credentials to authenticate with the application. This approach allows us to emulate how a real-world treat would approach the target systems, and to evaluate exactly what is exposed to an attacker and whether they would be able to gain unauthorised access.
We followed this up with a round of authenticated testing where we provided our testers with credentials to authenticate as each of the user roles. This allows us to identify vulnerabilities that could be exploited within the application itself, such as allowing for the elevation of privilege or lateral movement within the system.
Once the penetration testing stage of the project was complete, we began to focus on the weak link in any organisation – people.
We ran an advanced phishing simulation campaign involving every Identity employee, before following up with an analysis of how well they fared through the simulation, and supplying resources on how to spot and report phishing emails to keep the channel secure.
Gavin Wood, CEO, CyberLab
With the results and analysis of their penetration tests, Identity could take peace in the knowledge that their systems were secure against a potentially debilitating cyber attack at critical time.
COP26, which had received numerous cyber security threats in the run up to the conference, was executed without any major cyber attacks reported. The Glasgow Climate Pact was signed on 13th November 2021 by 197 national delegates.
Identity went on to deliver other successful national events, including the Coronation of King Charles III on 6 May 2023.
Speak With an Expert
Enter your details and one of our specialists will be in touch.
Our team specialise in creating bespoke security solutions and testing packages to improve and maintain your security posture.
We are 100% vendor agnostic and will only ever recommend the best products and solutions for your requirements.