How firms can safe their knowledge because the Summer season Olympics start — and the risk panorama amps up – Go Well being Professional

Baron Pierre de Coubertin, founding father of the trendy Olympics, famously remarked: “An important factor within the Olympic Video games just isn’t successful…however combating nicely.”

Whereas athletes on the upcoming Summer season Olympics will compete onerous to earn medals, a battle of a distinct type will happen behind the scenes: the battle towards nation-state risk actors and different cybercriminals.

The Olympic Video games pose the proper surroundings for cybercriminals to wreak havoc. These high-profile occasions attain a world viewers of billions, and profitable assaults can garner substantial consideration for nation-state risk actors making an attempt to additional their nefarious agendas, or hacktivists making an attempt to unfold a message.

There’s additionally a possibility for assaults for the aim of economic acquire. The sheer quantity of commerce and shopper knowledge surrounding the Olympics is very large, making a plethora of alternatives for cybercriminals to hold out ticketing and journey scams or steal shopper knowledge to commit id theft or fraud.

There have been a staggering 450 million tried cyberattacks in the course of the Tokyo 2020 Summer season Olympics, which passed off in 2021 due to the pandemic, together with malware, electronic mail spoofing and phishing, in addition to pretend web sites made to seem like they have been related to the Olympics. The video games went on with out incident, because of sturdy cybersecurity measures surrounding the occasion, however cybercriminals have had the previous three years to refine their methods.

It could not sound like a lot time, however expertise years are just like “canine years” within the sense that the expertise can change drastically in only a single 12 months. Cybercriminals have new applied sciences at their disposal — most notably generative AI — and there are exponentially extra vulnerabilities to take advantage of because the world has turn out to be that rather more interconnected since 2021, as we noticed final week with the CrowdStrike outage.

Add to the combo heightened geopolitical tensions and armed conflicts, and the 2024 Summer season Olympics are “dealing with an unprecedented stage of risk,” in response to Vincent Strubel, director normal of French cybersecurity company ANSSI. In reality, ANSSI anticipates eight-times extra tried assaults than the Tokyo video games.

It has by no means been a extra essential time for organizations to bolster their cybersecurity posture. It’s true not just for firms immediately associated to the Olympic Video games, but additionally for these additional down the provision chain that aren’t usually uncovered to this stage of threat and are doubtlessly extra weak to cyber threats.

Methods to go for the gold in cybersecurity

With every Olympic Video games, new digital experiences emerge to please attendees and viewers, whether or not that’s via streaming companies, ticketing web sites, or e-commerce choices. At their core, these experiences are all linked by software programming interfaces (APIs). These APIs function communication strains that allow numerous software program elements or functions to share data with one another. In lots of cases, that data accommodates delicate knowledge, and all it takes is one unauthenticated or misconfigured API for cybercriminals to achieve entry to mentioned knowledge.

We discovered the variety of APIs a corporation maintains grows with the scale of the group. A survey discovered that almost 40% of the biggest firms surveyed reported having greater than 250 inside APIs. Instances that by the large variety of firms both immediately or not directly affiliated with the Olympics and the assault floor will get huge. We have to make API safety a high precedence main as much as the Summer season Video games, however it’s simpler mentioned than carried out to safe APIs due to their huge numbers and their dynamic nature.

Happily, expertise has developed proper together with cybercriminals’ techniques over the previous few years. At present, merchandise that leverage automation and machine studying (ML) assist firms successfully catalog, monitor, and shield their APIs by detecting and alerting them to anomalous conduct. These instruments help a proactive method to API safety so firms can establish issues earlier than assaults occur.

Bigger organizations additionally may contemplate establishing a safety operations heart (SOC) forward of the video games. There’s by no means time for an organization’s techniques to go down, however occasions just like the Olympics are particularly downtime-sensitive, and corporations can’t afford to threat shedding gross sales, web site guests, and general productiveness. Having a SOC in place lets organizations reply to points rapidly to keep away from downtime.

Lastly, it’s essential to not overlook the function people play in upholding safety. Leaders want to lift consciousness across the elevated stage of threat surrounding the Olympic Video games and provide cybersecurity consciousness coaching as wanted. Everybody throughout the group should keep vigilant in terms of widespread social engineering techniques malicious actors could use main as much as and in the course of the video games.

There’s no silver bullet in terms of cybersecurity, and we’ll undoubtedly see profitable assaults in the course of the Summer season Olympics. However by practising defense-in-depth and layering API safety on high of current safety processes, together with establishing a SOC, providing cybersecurity consciousness coaching, safety groups can place their organizations to thwart assaults.

Stas Neyman, director of product advertising, Akamai

Add a Comment

Your email address will not be published. Required fields are marked *