Security Lessons Learned from the Olympics
February 14, 2018
The 2018 Winter Olympics opening ceremony was last Friday, opening the world stage to elite athletes competing in the latest chapter of these historic games.
I consider myself a huge Olympic Games fan, having attended the games in-person in London (2012) and Rio de Janeiro (2016). While I didn’t make the trip to South Korea this time around—I’m more of a summer games fan—I have been thinking about my past Olympics experiences and how it relates to cyber security.
The events are so massive, and the amount of planning and coordination involved is mind-boggling. With so many opportunities for things to go wrong, I’m amazed at what the International Olympic Committee is able to pull off every few years. However, an event of this magnitude does come with significant security challenges and threats, but businesses can learn some lessons from these Olympic experiences.
Know Your Environment
Going to the 2016 games in Brazil, I had one big concern: mosquitos. Athletes, event coordinators and attendees all had to make sure to be armed with sprays, ointments and other treatments to stay pest-free (or at least as close as possible). Catching a serious illness on an overseas trip was not high on my priority list.
Knowing the environment to which I was heading, I was able to prepare and avoided being bitten by any bloodsuckers. This lesson can be applied to cyber security as understanding your organization’s environment is key to building and maintaining a successful security program. There are many questions needing answers such as: What is your risk of an attack? What threats do you need to monitor? What remediation plans are in place? Whose is responsible for what? These questions (and many more) can take your program from reactive to proactive. As I learned in Brazil, it’s easier to prevent mosquito bites than it is to treat the bite itself.
Scams and Threats are Everywhere
Purchasing tickets for an event on the scale of the Olympics is a chore. Due to demand, they are often awarded via lottery, which leaves countless fans out in the cold. From that void, scammers inevitably crop up. I’ve had friends who turned to the black market to buy tickets from scalpers, an unfortunate side effect of high demand and low availability. I can’t imagine a scenario much more stressful than booking an international flight with possibly fake Olympic tickets and getting turned away at the gate. Not a fun flight back home.
Unfortunately, scammers are always lurking. If there is opportunity, there will be bad actors. As such, a few key things to keep in mind:
- Don’t click on suspicious links.
- Confirm identifies of individuals who call you by asking to speak to a supervisor or asking for a call-back number.
- Use caution when sending sensitive documents via the Internet, and use a secure document-sharing application when possible.
- Verify (multiple times, if necessary) if you are suspicious of any individuals or activity.
- Remember others are watching. If you post something about being at the Olympics, there is a chance you could get unwelcome guests to your house back home. Be sensitive to your posts online and with friends while traveling.
Don’t Ignore the Bigger Picture
The Olympics are a true world event. While being exposed to international cultures and new cities is exciting, it comes with a whole set of challenges. Different laws, shifting politics and a dose of culture shock are all things to consider if you are traveling abroad.
Similarly, cyber security doesn’t operate in a vacuum. New government policies and regulations—such as the General Data Protection Regulation (GDPR) coming May 25—can radically alter your security program. Similarly, nation states have taken warfare online, meaning conflict between countries can affect your organization’s security. Trade secrets are attractive to cyber criminals, as is the data many organizations house, making your business a possible target. Indirectly, malware and other attacks executed by nation states can make your organization’s systems vulnerable even if they aren’t being directly targeted.
While traveling for pleasure, many will bring our work with us. This harmless action can expose your information that would normally not be exposed. Check with your company to see if there is a remote way of connecting securely and not taking your system with you. Leverage online systems like OWA, SSO interfaces, and Box editors versus taking your computer and connecting to VPN. Or even better, enjoy your time away and disconnect – vacations are a great opportunity to unplug and relax!
If you can’t resist taking your work with you, keep in mind there are things you want to bring back and other things you don’t. If you can, use a “burner” phone and computer. This will help you to make sure you do not bring back any unwanted malware.
Not If, But When
The 2018 Winter Games is only a few days old and there’s already reports of a cyber attack occurring during the opening ceremony. In security, we talk a lot about how it’s not if an attack will happen, but when. Much like a broken ski pole or a busted skate lace, unexpected setbacks will happen. It’s about being prepared, alert, and when they happen reacting with your plan in mind.