Lessons in Incident Response from the Olympics and World Cup

In a recent discussion featured in Dark Reading’s Reporters’ Notebook, experts from various cybersecurity sectors convened to draw significant insights from large-scale events like the Winter Olympics and the World Cup. The conversation, led by Tara Seals, managing editor for Dark Reading, included Sharon Shea from TechTarget SearchSecurity and David Jones from Cybersecurity Dive. These events, which command global attention and draw billions of viewers, are not only spectacles of athletic achievement but also focal points for potential cyber threats.

Seals opened the dialogue by highlighting the heightened cyber risks associated with these international gatherings, particularly in light of recent events in Milan, where the Winter Olympics occurred. The Italian government reported that it had thwarted multiple cyber attacks during the games, although details of these incidents remained undisclosed. "While it might seem like these events have little in common with everyday businesses, I think there are valuable incident response lessons to be learned," Seals noted, setting the stage for a thoughtful exchange on security protocols essential for preserving the integrity of such gatherings.

Jones, known for his investigations into cybersecurity risks associated with major events, emphasized the complex geopolitical factors at play. He said that coordinated strategies among various stakeholders, including venue managers and international allies, are paramount to ensuring safety and security. “These events require careful consideration of the venue and coordination with allies to prepare and respond to potential incidents,” Jones explained, underscoring the multifaceted challenges that such large-scale events pose.

Among the risks, both physical and cyber threats loom large. Jones elaborated on how attackers often seek to make a broad statement to a global audience through disruptions, particularly by interfering with broadcasting services or delaying live coverage of events. This strategy has been utilized in past Olympic Games, where thwarted attacks serve as reminders of the significant efforts required to secure events from visible disruptions.

Seals highlighted one notorious incident from the Pyeongchang 2018 Winter Olympics, where the Olympic Destroyer malware disrupted critical infrastructure during the Opening Ceremony, affecting Wi-Fi networks and ticketing systems. Although the attackers did not fully succeed in their objectives, the incident illuminated vital lessons concerning planning and incident response. Similarly, during the London Olympics, the UK’s successful preemption of a power grid attack showcased the frantic behind-the-scenes efforts to maintain security.

The panel then shifted focus to the connection between the threats observed in such epic events and the realities faced by everyday businesses. Jones pointed out that major corporations often sponsor these global sports events, and as a result, their executives and sensitive data become prime targets for cybercriminals. “Protecting these individuals and preserving the company’s reputation is crucial,” he underscored, noting that vulnerabilities present during significant events can extend into the corporate realm. Attacks can diminish brand reputation and create operational challenges that resonate far beyond the immediate incident.

When discussing potential best practices, Shea articulated that global events act as real-world stress tests for incident response strategies. Organizations need to cultivate a well-structured and regularly updated incident response plan to mitigate potential risks. “Preparation is key. Organizations need a well-vetted, regularly tested and updated incident response plan,” Shea emphasized, expounding on the necessity for integrated teams that can handle incidents effectively.

The panelists unanimously agreed on the importance of practice in enhancing an organization’s preparedness. Exercises such as tabletop drills, simulations, and red/blue team assessments are critical for enabling teams to work cohesively under pressure. “The first time an incident happens should not be the first time your incident-response team sees the incident-response plan or playbook,” Shea stressed, emphasizing the significance of preemptive measures.

Another crucial aspect discussed was the management of the third-party ecosystem prevalent in large-scale events. Shea pointed out that events like the Olympics engage numerous stakeholders—ticketing agencies, streaming services, vendors, and sponsors—creating vast attack surfaces. Just one vulnerability can spiral into significant repercussions, paralleling organizations that work with various partners and suppliers. “Vetting who you work with and continuously monitoring vendors is essential for maintaining a secure partner and supply chain ecosystem,” she advised.

The conversation further reaffirmed the significance of effective communication during crises. As Shea articulated, “How quickly and effectively you communicate during an incident matters as much as how quickly you remediate the issue.” A robust crisis management communication plan is imperative for maintaining trust and minimizing chaos during potential breaches. The discussion underscored that consistent messaging among stakeholders, whether employees, partners, or regulatory bodies, can greatly affect the overall incident response efficacy.

In conclusion, while high-profile events like the Olympics and World Cup are meticulously organized well in advance, attackers continuously seek to exploit any vulnerabilities. Jones summarized the overarching theme that emerged during the discussion: the importance of cooperation and coordination among partners cannot be overstated. By managing both physical and digital security collaboratively and developing solid incident response frameworks, organizations can strive to be the opposite of a “weak link” amidst potential threats.

The insights gleaned from such comprehensive discussions emphasize the reality that the lessons learned from grand events are invaluable for organizations navigating today’s complex cybersecurity landscape.
