International. In a recent article, Gil Vega, CISO at Veeam, reflects on the enormous task that responsible cybersecurity teams have at their hands during the Olympic Games.
According to the expert, the idea is not only the product of a slightly paranoid mind after years of work in cybersecurity, but comes from the unfortunate reality of any transcendent world event in the digital age.
"To put my possible paranoia in context, the last Summer Olympics, which took place in Tokyo, experienced 450 million attempted attacks, and it is predicted that the Paris edition will see 10 times more attacks than there were in Tokyo, making it potentially the most attacked Olympics in history," Vega said.
The Olympics as a target of attack
Perhaps it is worth asking why this sporting event is such an important objective. There are several reasons, starting with saying that the eyes of the world are on it, which makes it a prime target for bad guys, be they activists, state actors, or cybercriminals.
Vega says another reason is the sheer scale of IT infrastructure that must be in place to hold an event like this and the relatively short time organizers had to implement it all. Considering that there are predicted to be more than 10,000 athletes, millions of visitors, and billions of spectators worldwide, the potential for a cyber disaster is considerable.
It already happened at the PyeongChang 2018 Olympics, where a successful attack disrupted the opening ceremony of the games. The breach affected data centers and turned off Wi-Fi in the stadium and in all door systems of all Olympic buildings. It also closed the option to sell digital tickets and brought down the official application of the Olympic Games. Holding an event without these functions is extremely problematic; the IT team worked through the night and was able to get operations back on time, before the first competition, but it was close.
The good news is that the team responsible for the Paris Olympics has taken the threat very seriously. In close collaboration with the French Agency for National Security (ANSSI), they have carried out an extensive program to protect the games, which includes extensive reinforcement of their systems; War Gaming, which are deep-dive tabletop exercises that mimic a major cybersecurity incident; penetration testing, and a bug bounty program, to reward ethical hackers who find vulnerabilities in systems. In addition, the event's security operations center will operate from a top-secret location.
The likelihood that they are a decoy
If there is one thing we are sure of, it is that cybercriminals take advantage of all kinds of world events for their plans. In this way, the Paris Olympics will likely be not only a target in itself, but also a lure in future phishing and fraud attempts.
"Watch for too-good-to-be-true offers, prizes, or promises that use the Olympics as a decoy. And, while gaming has taken a step towards the digital frontier recently, don't rely on every Olympic app out there; be sure to download only those endorsed by the Official Olympic Committee or sponsors. Hopefully, with all the cyber threats in sight, we can turn our attention to athleticism worthy of admiration on fields, water and courts," concluded Veeam's CISO.
Leave your comment