Guidelines for IT Teams Prior to and During the Summer Olympics to Safeguard Their Businesses
Recent reports have highlighted cyberattacks aimed at the Paris Olympics. While ensuring travel safety is crucial, maintaining strong online security measures is equally important for employees working remotely or in the office.
Unlike many other major sporting events, the Olympics span over several weeks and work hours, providing more opportunities for threat actors to exploit the heightened anticipation. Here are some suggestions for IT teams during the Summer Olympics, drawing insights from Microsoft and Trend Micro researchers.
Potential risks of Watching the Olympic Games from home for exposing work devices to malicious actors
Individuals watching the Olympics from home can be targeted by threat actors attempting to gather credit card details, email addresses, or other sensitive information under the guise of the Games excitement.
“They are generally driven by financial motives,” noted Trend Micro’s Vice President of Threat Intelligence, Jon Clay, in an interview with TechRepublic.
Immediate Response on Field and Online Platforms
Contrary to exploiting fears like in other major events, threat actors leveraging Olympics-related attacks capitalize on the thrill associated with the Games.
“Social engineering operates based on three main factors for success: emotional triggers, urgency, and habitual behavior. Threat actors are well aware of how to exploit these aspects,” mentioned Sherrod DeGrippo, Microsoft’s director of threat intelligence strategy, in a TechRepublic interview.
Threat actors may track news from the Games and personalize their attacks based on specific sports or athletes. They might distribute counterfeit links to streaming services or exclusive merchandise, creating campaigns that falsely promote limited-time offers. Their goal is to entice individuals into clicking on links, opening attachments, or visiting websites, as outlined by Clay.
“Following a gold medal win, watch out for emails selling commemorative merchandise or urging you to show support for the athlete,” advised DeGrippo.
SEE: Initiate a career path in IT with this Comptia study pack, currently on promotion.
‘Hacktivists’ Might Concentrate on the Olympic Games
The Olympics could attract “hacktivism”, which involves politically motivated cyber attacks. Recent incidents such as the Russian invasion of Ukraine and the French legislative election could trigger cybersecurity concerns related to activist activities.
Work Credentials are High-Value Targets for Attackers
Credentials linked to work email addresses or credit cards are more attractive to threat actors than personal ones since they can potentially grant access to an entire organization.
Preparatory Steps Ahead of the Olympic Games
Organizations do not have control over employees’ actions on all devices in their home workplaces, although some enterprises monitoring productivity may notice excessive time spent on watching the Games.
Safeguarding cyber well-being on an employee’s personal time during the Games is challenging. However, when it comes to company-owned devices, striking a balance between protection and privacy could be tricky.
To ensure awareness, IT teams can advise employees to:
- Stream the Olympic Games solely from official sources (NBC or Peacock).
- Obtain information or make purchases exclusively from the official website (https://olympics.com/en/paris-2024).
- Avoid downloading unfamiliar apps whenever possible; official Olympics content and streams are accessible online.
- Utilize security products and spam filters.
- Reiterate the company’s device usage policies to employees.
- Stay updated on security training sessions, particularly those related to Olympics-themed activities if provided.
- Avoid clicking on suspicious advertisements.
- Exercise caution with sponsored results in search engine outcomes.
- Promptly notify the organization’s IT or security teams (as appropriate) upon encountering suspicious pop-ups or unusual behavior on their work devices.
When it comes to free streaming services, Clay advised, “If an offer seems too good to be true, it likely is.”
Additionally, IT teams can:
- Take into account time zone discrepancies when employees might be using work devices during unusual hours.
- Coordinate with security vendors to ensure all systems are correctly configured and operational.
- Conduct drills to ensure the team can respond promptly in the event of a security breach.
Engagement with the Games? The organization should exercise additional care
Companies with direct financial ties to the Games, such as sponsors or vendors, need to be vigilant against potential alternative attack routes, even if they are not physically present in Paris. According to DeGrippo, ensuring availability is a top priority for Olympics-associated vendors.
Attackers might set up deceptive domains or adverts with similar names to redirect customer traffic. Organizations must actively search for and monitor such instances.
Implementing standard security or operational protocols can mitigate many of the threats vendors or sponsors might face during the Olympics. For instance, ensure the organization’s backend e-commerce systems are secure and offer customers two-factor or multi-factor authentication.
About Author
