How The IOC Went For Gold On Cyber-Security In Rio
August 23, 2016 (Cy-pher) — Cyber-attacks targeting sport events, organizations and individuals is increasingly common. Earlier this year, a NASCAR racing team was the target of a ransomware attack.Â More recently, a federal judge sentenced a former scouting director of the St. Louis Cardinals for hacking the Houston Astrosâ€™ player personnel database and email system.Â What could be a more attractive target than the Rio Olympic games, one of the premier sporting events in the world?
With the conclusion of the Rio 2016 OlympicsÂ the general consensus is that the International Olympic Committee (the â€śIOCâ€ť) has been pro-active and successful on the cyber-security front. The result has been that a large and complex sporting event such as the Olympics has not been disrupted by a cyber-attack. How did they pull it off and what can other organizations learn?
Have a look at this press release issued by the IOC early lastÂ week touting what a great job its digital vendor did leading up to and during the Olympics. In addition to heralding hardworking IT personnel, it provides a usefulÂ glimpse into how the IOC approaches cyber-security. Not only was this the first time that digital systems to recruit volunteers, support workforce management and process accreditation have been managed in the Cloud, but the IOC relied on real-time data analytics to improve cyber-security by tracking nearly every digital activity within the Olympic network, ensuring zero impact on the games.
What this tells us is that the traditional â€śfortressâ€ť model which has been (and in many instances, continues to be) employed by organizations is no longer effective. Modern tools like data analytics, artificial intelligence and remote monitoring now allow organizations to immediately identify intruders and take appropriate steps â€“ all of this in an environment where data is being moved to the Cloud.
These modern tools need to be coupled with an overall data-centric protection approach which allows organizations to mitigate the risks associated with a cyber-attack. Practically, what this means is that organizations need to clearly map out what information they hold (e.g., credit card information, personally identifiable information, intellectual property, etc.), implement basic security measures to secure sensitive information (e.g., encryption, key management, two factor authentication, etc.) and invest in modern security tools like data analytics. Â
While these Olympics have generally been cyber incident free, the challenge organizations face going forward is that hackers are constantly evolving their tactics and becoming more and more sophisticated. While new tools and a new mindset help, the true key to cyber-security will be constant vigilance.
Imran Ahmad is based in Toronto and leads the cybersecurity law practice at the Canadian law firm Miller Thomson LLP