It was a close call, but the 2018 Pyeongchang Winter Olympics almost ended before it started. A harmful cyberattack threatened to cause severe disruptions to the opening ceremony and the subsequent sporting events. Fortunately, a sleepless night at the Olympics' technology operations center allowed for a speedy and efficient incident response process.
Three years later, the threat landscape has changed, and the Tokyo Olympics is no safer than its predecessor. In fact, the heavy reliance on technology means these Olympics might be the most vulnerable Games yet. Not only is the upcoming Olympics' use of technology set to be the most innovative yet, but COVID-related audience restrictions mean spectators must keep up with events electronically. Now that there are events to keep up with, it's not only the athletes who are preparing to show off their skills.
The Gold Medal
The Olympics relies heavily on critical infrastructure, and, to many malicious actors, such entities are ideal targets. Attacking critical infrastructure can cause physical disruption when operational technology (OT) is affected. OT is the technology that interfaces with the physical world; hence, the spillover effects of an attack will cause significant damage to the real world. For this reason, there are several potential motives behind an attack on the Olympics and its related entities. The international attention the Games receives means it is the perfect target for hacktivists, terrorists, threat actors, or others to make a statement. Further, the Olympics can act as a strategic target for state-sponsored groups with a political agenda.
The Hard(ware) Truths
The motives of attackers and the value of the target mean actors carrying out such attacks will likely have advanced, sophisticated capabilities. This means organizations are not protected — even if they think they are.
Truth #1: What You See Is Not What You Get
Enterprises often genuinely believe they have a complete hardware asset inventory and, therefore, a comprehensive security approach. But this is rarely the case. In fact, more than 60% of IT managers have an incomplete inventory of their IT devices. Whether a device is unmanaged, hiding, or spoofing a legitimate one, there are serious, unintentional gaps in enterprises' hardware inventory.
Thinking that all assets are accounted for may be more dangerous than knowing there are some gaps left open. In this situation, the enterprise will not have an effective incident response process in an attack, and the origin of the attack will be difficult, if not impossible, to determine. And, with the Tokyo Olympics relying heavily on technology, the number of devices in use will be extensive, making the risk proliferate significantly. (By point of comparison, the 2018 Winter Olympics relied on more than 10,000 PCs, more than 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers.) Enterprises must make more concerted efforts to ensure they have a complete asset inventory by gaining visibility of all OSI layers.
Truth #2: You Undervalue Yourself
Attackers might be sophisticated, but this does not necessarily mean they use their skills to infiltrate a target directly. Sometimes, sophistication means working smarter, not harder; the supply chain allows for the former.
Highly protected targets can be very challenging to infiltrate and, thus, their less-secure suppliers are often a point of infiltration for bad actors. Either the supplier will have access to the target's confidential information or will provide the cybercriminal a pathway (via hardware or software) into the target organization. Supply chain attacks were up sevenfold in the last half of 2020, and this figure will continue rising without major reform. And, with critical infrastructure relying on large supply chains, the Olympics has many entry points. Small organizations who believe themselves to be of no value might just be the barrier (or entry point) between attackers and their target. In 2019, 66% of small and midsized businesses (SMBs) said they believed a cyberattack was unlikely, but 67% of SMBs fell victim to one. In today's interconnected environment, enterprises, no matter their size or nature of operations, must significantly expand their threat landscape awareness; the supply chain is counting on it.
An Extra Year of Training
The postponement of the Tokyo Games to 2021 gave the athletes — and the Olympics cybersecurity teams — an extra year of training. Moreover, increased attacks during the COVID-19 pandemic should have reinforced the importance of advanced cybersecurity efforts. In just a few weeks, the world will watch as athletes compete for gold. Those of us in the cybersecurity world will be watching for any signs of a possible attack. You have your thrills; we have ours.