Attack surfaces will be multiplied during games. During this period, the government recommends companies to prefer remote work, mainly to limit the coming of employees to the office in view of the organization of transport.
The 2024 Olympics are fast approaching. Cybersecurity, already a major concern in France in normal times, will be even more so during this crucial, supposed to be festive period. As other major events in the past have shown, cybercriminals tend to use the publicity and media coverage they generate to launch attacks.
In recent months, the French digital landscape has faced increasingly frequent cyberattacks targeting both the public and private sectors, and warnings are growing so that organizations can protect themselves as best as possible in this tense context.
Cybersecurity during the Olympics: frontline businesses facing risks
In the world of work, the protection of information and communications is a major concern. Many companies already have measures in place to maintain optimal privacy, but the Olympics may create disruptions to that reality.
Private companies, especially those involved in the Games, are in the crosshairs and must prepare to ensure the continuity of their servers while protecting their data. During the recent Tokyo Olympics, more than 815 cyber incidents per second were recorded; for those to be held in Paris, some cyber security experts predict up to 10 times that.
Cybercriminals are constantly looking for opportunities for reasons ranging from geopolitical conflict to marketing fake data on the Dark Web. An event on the scale of the Olympics could be an opportunity for these people to destabilize companies that are already failing in cyberspace or are simply less prepared for these types of issues.
VSEs and SMEs are preferred targets as they often invest less in cyber resilience measures in proportion to their budget: cyber security is too rarely considered a priority, even though it is more essential than ever. We also see this when some of these companies are hacked and see their IT services disrupted, seriously hampering their business. Therefore, prevention is better than cure.
The realities of digital risks during the Olympics
Attack surfaces will be multiplied during games. During this period, the government recommends companies to prefer remote work, mainly to limit the coming of employees to the office in view of the organization of transport.
If the majority of companies choose this alternative, the impact will also be felt digitally. Those with little experience working remotely are at increased risk of their employees relying on proprietary and potentially insecure hardware and software. It is therefore even more important to provide communication channels centrally and independently of the arrival points.
The main source of communication for businesses, email is also the main gateway for cybercriminals who, for example, take advantage of employee inattention by impersonating real employees (specifically the “CEO scam”) or by sharing malicious links in the email body .
On the other hand, the dissemination of official information by organizations, institutions and companies participating in the Games can make the identification of spam more complicated. This can be explained by the fact that many users receive few e-mails of this type in their daily lives, and therefore have difficulty recognizing spam – or are simply less careful in the heat of the moment (especially during the purchase of tickets).
We have seen this during the pandemic: the dissemination of so-called “official” information, offers for high-demand products such as respiratory masks or tests or tools designed for remote work are examples of hackers’ preferred methods of accessing PCs or phones, after it corporate networks.
In the same vein, the risk of QR code phishing will also increase due to the widespread use of this format as a means of transmitting official information – and distribution (notably in Ile-de-France).
These variables must be considered to further secure sensitive and confidential data. It is important to have the right tools to ensure better protection, which will certainly never be complete, but enough to reduce damage.
How to prepare your business to reduce risks?
There are resources businesses can rely on in the event of a cyber attack. The cyber crisis management tutorial for companies published late last year by the National Information Security Agency (ANSI) is one of them.
This kit helps with preparation during the Olympic period but remains applicable at all times. Some regions are also introducing business cyber defense systems to lend a hand to companies that don’t have the capacity to do it themselves, or those that don’t know where to start.
Internally, it is recommended that companies organize themselves to reduce risks by separating their networks. Outsourcing certain security services is also a good strategy – especially when it comes to securing email flows and ensuring their continuity in the event of email infrastructure disruption caused by cyber attacks.
Using solutions that guarantee protection against phishing, spam or zero-day attacks is also a good investment. The use of cloud solutions is particularly suitable, as they work completely independently of the company’s sites and the devices used.
On the other hand, they offer a variety of integrated and always-updating data sources as well as AI-based technologies to detect even the most recent or previously unknown attack patterns. This is particularly important in the context of ongoing and developing events such as the Olympic Games.
In addition, the obligation to keep the solutions up to date is no longer on the company, but on the supplier. In this way, new types of phishing, such as the QR codes mentioned above, can also be identified more easily.
The Olympics are a good exercise in cyber resilience, especially when we know this the cybersecurity context that surrounds them is just the beginning of a new standard. It is clear that risk 0 will probably never exist and companies will need to go beyond awareness to encourage the use of innovative tools that allow them to predict and minimise risks.