Attackers have increasingly targeted the Olympics with cyberattacks. The 2022 Winter Olympics kick off in Beijing this week, and this trend will likely continue. In fact, this Tuesday, the FBI issued a warning about possible cyber activities (such as distributed denial of service attacks, ransomware, phishing attacks, and more) during the Olympics. Following the success of the 2020 Summer Olympics in Tokyo, however, we don’t expect the bad guys to win, thanks to the preparation that goes into defending the Games.
Adopting A New Regimen
The 2020 Summer Olympics were somewhat similar to the 1996 Summer Olympics, in which the US gymnastics team brought home its first gold medal in the team finals. For years, USA Gymnastics fought to be on top, ultimately to be swept away by the Russians (previously the USSR). It wasn’t until the organization adopted a similar training regimen that the team finally made their way to the top of the podium.
To avoid being swept away, security and risk pros must adopt a regimen to strengthen cyberdefenses.
A cyberattack on the opening of the 2018 Winter Olympics in Pyeongchang resulted in the IPTVs (Internet Protocol televisions) malfunctioning, main servers being shut down (preventing attendees from being able to access their tickets), a Wi-Fi outage in the Olympic Stadium, and film drones unable to deploy. The 2020 Tokyo Summer Olympics (held in 2021, thanks to COVID-19), however, are viewed as a cybersecurity success story.
In the months leading up to the Tokyo Olympics, intelligence agencies warned of cyberattacks and the need to exercise preventive measures (almost like implementing a new training regimen) to ensure that there wouldn’t be a repeat, or worse, of the 2018 Winter Games (and another loss of a medal) due to the market size of such an event. Luckily, the International Olympic Committee (IOC) and local organizers of the Tokyo Games didn’t need to be convinced to take major security measures ahead of the Games. They implemented strong proactive measures to prevent an attack, including the hiring of a third-party firm with a dedicated team of 200 cybersecurity specialists.
While a minor incident did occur (think of Kerri Strug’s infamous vault), the cybersecurity team thwarted over half a billion cyberattacks on the Summer Games, which saw over 2.5 times the amount of attempts than the 2012 London Olympics. The success of thwarting so many cyberattacks and the implementation of proactive security protocols would have clinched a gold medal, if one could be awarded for cybersecurity.
Ready Yourselves For Olympic-Related Cyberattacks
So what does this all mean for the 2022 Winter Games? Will we see another cybersecurity gold medal?
We will likely see a spike in attempted attacks — specifically, ransomware — against the Games themselves. It is also likely that individuals and organizations will see an uptick in phishing attempts and scams, emails masquerading as official Olympics communications, and illegitimate streaming services posing a threat to people trying to watch online.
The Olympics are a worldwide market and could provide lucrative opportunities for hackers. If the 2018 and 2020 Games have taught us anything, however, we know that the IOC and local organizers will be well prepared to thwart any attempts that come their way, and hopefully that means the clinching of another medal (maybe this time for Team USA Hockey).
For security and risk leaders, use the 2022 Winter Games as a reason to warn your users about potential threats, review your security procedures, and shore up your defenses. Just like the Olympians we celebrate in the Games, cybersecurity pros need a training regime to ready themselves for competition. Help your home team clinch their 2022 cybersecurity gold medal.
(written with Alexis Bouffard, senior research associate at Forrester)