How do you approach managing the cybersecurity of an event as massive and popular as the Olympics? According to Symantec’s vice president for the Americas, Rob Potter, treat the event like a Fortune 100 company.
“I think it’s very, very similar, both in dollar amounts and in terms of interaction and people, as a Fortune 100 company for the period of time that the Olympics are,” Potter said. “How do you look at how you’re going to do business with multiple countries, and, in this case, hundreds of countries? And how do you make sure you recognize what the threat landscape looks like across all those multi-international organizations? And how do you leverage that against the intelligence you have?”
Symantec is providing network security systems for the Olympic Games, an endeavor that has been years in preparation. The Summer Games in Rio de Janeiro kick off Friday.
“The planning to be involved in and support the Games began right after London,” Potter said, referring to the 2012 Summer Games. He also added that the hosts of such an event would have to plan for the needed IT infrastructure.
“They have to start to think about their infrastructure. Not just from their ability to host the people that will come, and not just from the ability to maintain a physical security presence, but now it’s become critical that they have to take a look at their ability to host the IT infrastructure.”
When it comes to the types of cyber incidents to prepare for, Potter said there are three main areas that corporations will worry about as well: insider threats, cyber criminals, and hacktivism/terrorism.
“There still is the concern around the insider, so you have that concern in any major sporting event,” said Potter, listing ticket and financial fraud as major targets. “The next area is how you combat against all of the criminals that maybe are going to take advantage of some of the information they have about people to do phishing and spear phishing attacks on specific individuals.”
London’s Olympics netted $1 billion in revenue, according to Potter, which tempts cyber criminals to get in on the massive influx of cash.
“And then you’ve got the more worrisome efforts that go on with hacktivism. The Olympics, like any major sporting event, is a key opportunity to get some type of political statement expressed,” Potter said. “There’s no surprise that terrorists have begun to use the Internet as well, and so with any major event like this there’s always some worry about what that target might look like.”
This year, some of the cyber concerns stem from the state of cybersecurity in Brazil as a whole.
“The challenge that you have in any of these environments is that your economic and political environment always has an impact,” said Potter. Recent political upheaval and economic crises in the country make for a tumultuous cyber state. “When you look at the Symantec Internet Security Threat Report, the Brazil region is a top 10 region for cybersecurity threats.”
Based on his experience, Potter also has some recommendations for spectators and competitors to minimize their security risk:
- Stay on top of your device–“Make sure that you’ve got a device that’s up to date with its applications. And if you’re bringing your own communication device, whether it be an iPad or a cellphone, if you’re going to connect that to a wireless network down there, make sure that you’ve looked at the applications on your device to close down any communications that you may be allowing in your home country.”
- Assume you’ve been compromised–“If you’re going to be logging in and using your device, when you leave, or even while you’re there quite frankly, you should not leave there thinking that your user ID and your password are still reliable. You should leave there with an assumption that you’ve been compromised and do everything you can to change your passwords and update your phone.”
- Don’t use your critical information–“Minimize the amount of interaction you do with your critical data. The convenience that people have communicating socially with that device means many people will take the risk of accessing information on that device and leveraging networks that are free.”
Potter worries that the excitement of digitally participating in the Olympics will cause people to forget the dangers inherent in using their mobile devices while there. He also suggests that people don’t let their guard down, even when they get home a few days or weeks later. “That’s when this information is used in a fraudulent way,” he said.
He said that if people want to better understand risks that happen in these events, Symantec, DHS, and other cybersecurity experts offer resources on their websites.
“If you’re traveling overseas, I think it’s worth your while and a good investment to read some of these types of documents and take a good look at your personal device that you’re bringing,” Potter said.