How the International Olympic Committee can win gold in cybersecurity

While hackers like “Fancy Bears” may continue their mission to create headline-grabbing attacks and disruptive behavior, there are steps every institution across the world and in varying industries can take so they don’t fall victim.


Every two years, news cycles are dominated by stories surrounding the Winter or Summer Olympics. While stories typically focus on athlete preparations, gold-medalist predictions and the host city, this year’s crop of articles includes a new topic: cybersecurity. On the heels of a year that saw a barrage of detrimental cyber-attacks, it should be no surprise that the same hackers who claimed responsibility for leaking Hillary Clinton’s emails and attacking the Rio Summer Olympics are also taking responsibility for initiating a phishing scam and targeting airports, government workers and employees of this year’s Winter Olympics.

There’s clearly a theme behind how the Russia-linked group named “Fancy Bears” identifies its targets; similar to past attacks, this one was guaranteed to give them high visibility and create a level of distrust on a global scale. In addition to the target, there’s also a consistency between attacks regarding how they’re engineered. Email continues to be the preferred entry point for hackers, who use social profiling tactics to entice individuals to open a document, click a link or share confidential information. And although recent reports indicate that the hackers obtained a small number of emails from individuals associated with the Olympics, it would not be surprising to see the group try to escalate its attack once the games kick off. Enough leaked information could put the International Olympic Committee in a bad light and cause global citizens to question its ability to run a tight ship.

But that’s not for lack of trying from the host country. South Korea made it clear that the country would be taking extra measures to ensure the safety of the 2018 Winter Games, including setting up a dedicated cyber defense team. The government reportedly invested 1.3 billion won ($1.2 million) for cyber security protection in 2017. Unfortunately, the weakness lies in the infrastructure of the International Olympic Committee’s IT system, which is rebuilt every two years to support the current games. Without a consistent system in place, it’s difficult for the organization’s cybersecurity protocols to be bulletproof. This is particularly problematic given that many of the individuals associated with the games are likely volunteers, who – unless hired full-time – probably don’t receive an Olympic-specific email address.

To prevent these attacks from escalating, and to head off future hacks, the International Olympic Committee should consider several security steps, such as:

Training employees and volunteers to be ‘security aware’

This is particularly crucial for part-time employees who may use personal email addresses or operate outside of the committee’s IT system. Every individual involved in the organization should be educated on topics such as how to spot fake emails and not to click on links that seem suspicious. There should be specific training on how to spot common hacking tricks, so that people can better identify suspicious activity – especially phishing emails.

Adopting strong email and communications compliance systems year-round

With the proper system in place, the International Olympic Committee would be able to quickly identify risky behavior among employees and volunteers, manage and archive confidential records and flag security threats before a hack happens. A strong system would also track previous hacks to ensure those gateways are closed and impervious to a future attack.

Implementing the Domain-based Message Authentication, Reporting and Conformance (DMARC) protocol

DMARC is an email authentication, policy and reporting protocol built on top of SPF and DKIM: the owner of a domain publishes a DNS record stating how receiving mail servers should treat messages that claim to come from that domain but fail authentication (monitor, quarantine or reject) and where to send reports about them. That takes the guesswork out of inbound email and helps limit or eliminate exposure to potentially harmful phishing or spam tactics. For employees and volunteers who often fall victim to spoofed emails and can’t tell what’s real from what’s fake, a check enforced by the mail server rather than by the recipient could be the secret to preventing another attack.
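To make the DMARC description above concrete, here is an added example, not code from the original article or from any real organisation, that parses a DMARC TXT record and computes the disposition a receiving server would apply to a message. The record, the domain `example.org`, the lookalike sender domain and the SPF/DKIM results are all constructed for illustration; the organisational-domain check is simplified to the last two labels (real receivers use the Public Suffix List), and the `pct=` sampling tag is parsed but not applied.

```python
from dataclasses import dataclass

# Constructed sample record: what a domain owner would publish in DNS at
# _dmarc.example.org (hypothetical domain, not any real organisation's record).
SAMPLE_DMARC_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
    "rua=mailto:dmarc-reports@example.org"
)


def parse_dmarc(record: str) -> dict:
    """Split a DMARC TXT record into tag=value pairs and apply RFC 7489 defaults."""
    tags = {}
    for part in record.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed tag: {part!r}")
        key, value = part.split("=", 1)
        tags[key.strip().lower()] = value.strip()
    if tags.get("v") != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC1 record (v= and p= are required)")
    tags.setdefault("adkim", "r")     # DKIM alignment mode: r(elaxed) or s(trict)
    tags.setdefault("aspf", "r")      # SPF alignment mode
    tags.setdefault("sp", tags["p"])  # subdomain policy falls back to p=
    tags.setdefault("pct", "100")     # parsed only; sampling not applied here
    return tags


def organizational_domain(domain: str) -> str:
    """Simplified organisational domain: the last two labels.
    A production receiver would consult the Public Suffix List instead."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(from_domain: str, auth_domain: str, mode: str) -> bool:
    """Identifier alignment between the visible From: domain and the domain
    that SPF or DKIM actually authenticated."""
    if mode == "s":
        return from_domain.lower() == auth_domain.lower()
    return organizational_domain(from_domain) == organizational_domain(auth_domain)


@dataclass
class AuthResults:
    spf_pass: bool
    spf_domain: str    # envelope (MAIL FROM) domain that SPF was checked against
    dkim_pass: bool
    dkim_domain: str   # d= tag of the verified DKIM signature ("" if none)


def evaluate(from_domain: str, record_domain: str, record: str, auth: AuthResults) -> str:
    """Return 'pass', or the disposition (none/quarantine/reject) the policy requests."""
    policy = parse_dmarc(record)
    spf_aligned = auth.spf_pass and aligned(from_domain, auth.spf_domain, policy["aspf"])
    dkim_aligned = auth.dkim_pass and aligned(from_domain, auth.dkim_domain, policy["adkim"])
    if spf_aligned or dkim_aligned:
        return "pass"
    # sp= governs subdomains of the domain the record was published for
    is_subdomain = from_domain.lower() != record_domain.lower()
    return policy["sp"] if is_subdomain else policy["p"]


if __name__ == "__main__":
    # Constructed scenario: a message whose From: header claims example.org but whose
    # envelope sender (and therefore its SPF pass) belongs to an unrelated lookalike domain.
    spoof = AuthResults(spf_pass=True, spf_domain="lookalike-example.net",
                        dkim_pass=False, dkim_domain="")
    print(evaluate("example.org", "example.org", SAMPLE_DMARC_RECORD, spoof))  # reject
```

The point the example makes is the one the article relies on: a message can pass SPF for whatever domain the sender actually controls, yet DMARC still rejects it because that domain does not align with the domain shown to the recipient in the From: header. With `p=none` the same record would only generate reports, which is the usual first rollout step before moving to `quarantine` and `reject`.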

While hackers like “Fancy Bears” may continue their mission to create headline-grabbing attacks and disruptive behavior, there are steps every institution across the world and in varying industries can take so they don’t fall victim. Investments in the proper technology and cybersecurity best practices are essential pieces to that strategy, and what organizations like the International Olympic Committee should consider to ensure the security of one of the most-watched events in the world.

This article is published as part of the IDG Contributor Network.
