While the 2024 Paris Olympics are behind us, this global event highlights the current threat landscape. It demonstrates how large-scale events can expose security vulnerabilities and provides us a case study on how we can better prepare for these risks in the future.
According to a recent report by Insikt Group, vendors associated with the Olympics (from event organizers to sponsors) face an increased risk of being targeted by ransomware attackers. While this is common for high-profile events, several newer and more prevalent threats have emerged. Cyberattacks are rising overall and critical infrastructure remains a prime target due to its potential impact. Whether carried out by hacktivists or state-sponsored actors, attacks designed to create disruption, chaos, and confusion are common during times of geopolitical tension, often resulting in significant economic damage to affected organizations.
As we move on from the Paris Olympics, it is important for organizations to assess their preparedness for such events and plan to be even more resilient in the future.
Analyzing the current threat landscape
There are several common techniques that threat actors turn to when high-profile events like the Olympics come around. The primary technique is social engineering, mainly through phishing emails and scam sites related to the event. With so much attention on the event, emails and sites that appear to be related can be difficult to distinguish from the real thing. Over the years, organizations have improved employee awareness around phishing scams, which has reduced risk. Many have also started to implement security controls to prevent phishing emails from being delivered to users and to analyze websites for their provenance. While this is progress in the right direction, there is still a need for improvement in not underestimating the level of sophistication of social engineering attacks.
The rise of disinformation, particularly in the political realm, has started to bleed into other areas of daily life and an event like the Olympics would be a likely target for disinformation campaigns. Especially with the rise of GenAI, there is valid concern around the effectiveness and the speed at which disinformation campaigns are deployed, but it’s not helpful to focus on fearmongering in regard to GenAI. Understanding the threat allows for better preparation. Having a fact-checking operation and open communications from event organizers is critical in combatting disinformation and providing a reliable source of information for such events.
In terms of new threats to consider, the proliferation of IoT devices and how they are part of the infrastructure for events like the Olympics are also important to map out and include in the overall security posture and controls.
Preparing for the next major event
While the next Olympics is four years away, similar high-threat events will arise in the interim. Organizations can stay ahead by taking these steps:
- Review and enhance cybersecurity controls. Ensure that multi-factor authentication is enabled across as many applications as possible, especially those that contain sensitive company or customer data.
- Increase employee awareness around the event. Reminder training around identifying phishing attacks and fake websites is important as is instilling a culture of cybersecurity awareness.
- Practice third-party risk management. Since most companies rely on vendors and partners to provide services, assessing your supply chain for cybersecurity risks and requiring a strong set of security controls for those third parties is key since they could be entry points to a company’s network or data.
- Architect resiliency into the network and services provided. Implementing a resilient architecture can help withstand cyberattacks. Architect your network and controls to contain the potential damage if a user clicks on a link in a phishing email. Ensure that backups are being done for critical systems and data.
- Use threat intelligence. Threat intelligence can provide valuable insights into the tactics, techniques, and procedures of threat actors that can be used to harden defenses and impact an organization’s threat model.
- Review your incident response plan — update it to reflect the current state of the company’s architecture and processes.
As the current threat landscape continues to evolve, especially as AI penetrates all aspects of security, the ways in which we counter global-scale threats will need to evolve as well. Luckily, events such as the 2024 Paris Olympics illuminate the areas in which organizations must improve so that we are better prepared to counter the threats, on both small and large stages, that will only continue to proliferate.