By Gil Vega, CISO at Veeam
What’s your Olympics-watching style? Embracing the warm glow of seeing humanity come together in peace and harmony? Maybe it’s marvelling at the sporting excellence on display from apparently superhuman competitors? Perhaps you spend the entire time with the vague feeling that you should be getting up and moving more. I go through each one of these multiple times throughout the games, but I also have one other thought in the back of my mind that maybe isn’t so typical – just how massive the task the cybersecurity teams responsible for the games have on their hands. This thought isn’t just the product of a slightly paranoid mind from years of working in cybersecurity; it comes from the unfortunate reality of any major world event in the digital age. To put my potential paranoia in context, the last summer Olympics, which took place in Tokyo, experienced 450 million attempted attacks, and it’s predicted that the Paris Olympics will see ten times the amount of attacks as Tokyo, potentially making it the most attacked games ever.
The Olympics as a target
You may be asking why the Olympics are such a target. There are several reasons. Firstly, the eyes of the world are on the event, making it a prime target for bad guys, including activists, state actors, and cybercriminals. Another reason is the sheer scale of the IT infrastructure that must be in place to run an event like this and the relatively short time that the organisers had to put it all in place. Considering that there are anticipated to be more than 10,000 participants, millions of visitors, and billions of viewers across the globe, the potential for an Olympic cyber disaster is considerable. We saw a successful attack disrupt the opening ceremony of the 2018 PyeongChang Olympics. The attack affected their data centres and shut off the Wi-Fi in the stadium and every gate system in every Olympic building. It also shut down the digital ticketing function and broke the official Olympics app. Running the events without these essential functions would be problematic. The IT team worked through the night and was able to recover operations in time before the first event, but it was a close call.
The good news is that the team responsible for the Paris Olympics has taken the threat incredibly seriously. Working closely with the French Agency for National Security (ANSSI), they’ve carried out a wide-ranging programme to protect the games, including extensive system hardening, war gaming, pen testing, and a bug bounty programme to reward ethical hackers who find vulnerabilities in their systems. The security operations centre for the games will also operate from a top-secret location.
The Olympics as a lure
The games themselves are likely not just to be a target but also a lure in upcoming phishing and fraud attempts. If there is one thing we know, cybercriminals capitalise on world events in their schemes. Be looking for too-good-to-be-true offers, prizes, or promises that use the Olympics as a lure. And while the games have taken a step into the digital frontier recently, don’t trust every Olympic app out there. Ensure you only download those supported by the official Olympic committee or sponsors.
Hopefully, with all the cyber threats in the open, we can turn our attention to the athleticism on the fields, in the water, and on the courts. Which country are you rooting for in this year’s games?