By Brian Pinnock, Vice President of Sales Engineering at Mimecast
The Paris 2024 Olympics games are here, and for the first time since 2020, spectators are welcome to attend, with an influx of 15 million people expected to attend the events. As the world’s attention has turned to this prestigious event, experts and law enforcement warn that a surge in cyberattacks is expected. According to the World Economic Forum, the Paris Olympics games are expected to generate around 11 billion euro in economic activities, making them a coliseum for cyberattacks.
The Paris Olympic Games, a prime target for cybercriminals
With cybercriminals constantly trailing large gatherings, the Olympic Games are no stranger to cyberattacks. With a massive inflow of trade and data at one location, the event is an attractive target for bad actors. During the last Olympic Games in 2021, Japan suffered almost 450 million attempted cyberattacks in just two weeks. According to the Olympic Games Organizing Committee (Cojo), “the level of threats will increase tenfold” this year. The cyberthreat will be considerable during the 2024 edition of the Olympics: experts predict more than 4 billion cyberattacks, compared with 450 million in 2021. Indeed, the Olympic Games are among the most high-profile events in the world: this visibility makes them a prime target for hackers, who see in these platforms’ opportunities for massive gains. As France takes centre stage, and given the current geopolitical conflicts, the Olympics will be a prime target for state-sponsored hackers who would like to see the event fail.
Attacks can take many forms, from fake rental ads to the sale of counterfeit banknotes. The French Ministry of the Interior’s cyber-crime investigators monitoring scams have identified over 80 fraudulent sites offering fake tickets for sale, of which 40 have been shut down. In addition, a major vulnerability lies in the distribution of tickets by e-mail, accompanied by QR codes subject to squishing, a phishing method with which cybercriminals redirect their victims to fraudulent links via a QR code. This is a fast-growing method of attack, with cyber-attackers constantly seeking new ways to deceive users and circumvent security measures. What’s more, the Olympics represent a golden opportunity for cybercriminals to cause major damage by exploiting the high media profile of the event due to the concentration of sensitive data and technological infrastructures.
The human factor at the heart of information security
The security of government-sponsored Olympics cannot rest on the shoulders of a single entity. In a world where 99% of the underlying technologies emanate from the private sector, collaboration is essential. The security of state institutions is not necessarily a source of concern, but the organisation of the Olympics can pose challenges, not least because of the lack of experience of the people mobilised for this global event. As such, security depends both on individual responsibility and on a collective, more global approach.
The issue of e-mail security is a crucial one. With most communications and information passing through this channel, it is imperative to reinforce defences at the individual level. An attack is created at the lowest common denominator: for the Olympics, this means every single person involved in the event. With thousands of people working temporarily for the event, awareness and protection of each individual’s data systems is essential. It is imperative to adopt a collective approach, promoting information sharing and team spirit. The fight against cybercrime embodies the metaphor of rugby: a collective combat sport whose values and methods can be invaluable in defeating cybercriminals.
Consequences that can be disastrous
Despite organisers’ efforts to anticipate and manage attacks to keep the Games running smoothly, cybercriminals are redoubling their efforts to achieve their goals. During the 2018 Olympic Games in South Korea, several cyberattacks were recorded, the most notable of which was the “Olympic Destroyer” attack, which disrupted the Olympic launch ceremony and targeted IT systems, resulting in large-scale disruptions such as the shutdown of the internet network, television broadcasting, and ticket management. This incident highlighted the vulnerability of sports games to cyberthreats, underlining the growing importance of cybersecurity.
In addition, cybercriminals could disrupt the smooth running of sporting competitions, by interfering with live broadcasting and timing systems, as well as the safety of athletes. Cyberattacks also entail considerable financial losses due to damage to equipment and expenditure on restoring compromised IT systems. Finally, a successful intrusion into security systems could tarnish France’s reputation, calling into question its ability to organise events of this scale, with possible long-term repercussions on its international relations.
Conclusion
To effectively address the rising threats in the cybernetic environment, it is crucial to implement comprehensive measures targeting both employees and infrastructure to enhance the security of events. Key strategies include raising public awareness through ongoing campaigns, as well as training employees and staff in cybersecurity, recognising that a single individual can compromise a central system. Additionally, conducting exercises to simulate potential scenarios will bolster preparedness. Leveraging cloud-based solutions can also enhance staff protection, while robust email security measures are essential for identifying and preventing fraud, identity, and data theft.
