How The IOC Went For Gold On Cyber-Security In Rio
August 23, 2016 (Cy-pher) — Cyber-attacks targeting sport events, organizations and individuals is increasingly common. Earlier this year, a NASCAR racing team was the target of a ransomware attack. More recently, a federal judge sentenced a former scouting director of the St. Louis Cardinals for hacking the Houston Astros’ player personnel database and email system. What could be a more attractive target than the Rio Olympic games, one of the premier sporting events in the world?
With the conclusion of the Rio 2016 Olympics the general consensus is that the International Olympic Committee (the “IOC”) has been pro-active and successful on the cyber-security front. The result has been that a large and complex sporting event such as the Olympics has not been disrupted by a cyber-attack. How did they pull it off and what can other organizations learn?
Have a look at this press release issued by the IOC early last week touting what a great job its digital vendor did leading up to and during the Olympics. In addition to heralding hardworking IT personnel, it provides a useful glimpse into how the IOC approaches cyber-security. Not only was this the first time that digital systems to recruit volunteers, support workforce management and process accreditation have been managed in the Cloud, but the IOC relied on real-time data analytics to improve cyber-security by tracking nearly every digital activity within the Olympic network, ensuring zero impact on the games.
What this tells us is that the traditional “fortress” model which has been (and in many instances, continues to be) employed by organizations is no longer effective. There are many cybersecurity-related websites that are available to try and combat the issue with cyber attacks. Companies such as SubRosa Cyber and many more are available to explore online and consider for your own software in regards to cyber security. Modern tools like data analytics, artificial intelligence and remote monitoring now allow organizations to immediately identify intruders and take appropriate steps – all of this in an environment where data is being moved to the Cloud.
Moreover, it is no secret that artificial intelligence has totally revolutionised the cybersecurity industry. Whether this is by the use of Mobile Threat Defense or specialist software, AI is a huge benefit. For example, artificial intelligence software automates the process of detecting advanced threats. In short, this means that AI can analyze the very large volume of activity that takes place across a company network and the massive volume of emails, files, and websites accessed by employees in a small fraction of the time that would otherwise be needed by humans. Furthermore, by reaching out to a team that offers AI consulting services, you can find further information about the cybersecurity advantages of using AI technology.
The important thing to remember is that these modern tools need to be coupled with an overall data-centric protection approach which allows organizations to mitigate the risks associated with a cyber-attack. Practically, what this means is that as well as conducting cyber security audits, organizations need to clearly map out what information they hold (e.g., credit card information, personally identifiable information, intellectual property, etc.), implement basic security measures to secure sensitive information (e.g., encryption, key management, two factor authentication, etc.) and invest in modern security tools like data analytics.
While these Olympics have generally been cyber incident free, the challenge organizations face going forward is that hackers are constantly evolving their tactics and becoming more and more sophisticated. While new tools and a new mindset help, the true key to cyber-security will be constant vigilance.
Imran Ahmad is based in Toronto and leads the cybersecurity law practice at the Canadian law firm Miller Thomson LLP