A definite sign of the times in which we live is that as the world gears up for a major global event in a couple weeks in Sochi, Russia, the number-one topic of conversation is security and not the Olympic Games themselves.
Ever since the tragedy at the 1972 Games in Munich, security and guarding against attacks has become a priority for event organizers charged with keeping both athletes and observers safe. In recent versions of the Games, the term security has been broadened to include not only physical security, but network security as well.
Physical security will always receive the majority of attention, and rightly so as you can’t compare the loss of data with injury or loss of human life. However, organizers must remain hyper-vigilant against cyber-attacks and Internet scams as large-scale, international events are a favorite of hackers and malicious cyber groups. As a cyber-security specialist, one of my concerns heading into these Olympic Games is that the public has become somewhat desensitized to cyber-attacks and we may not have the same level of vigilance against cyber threats as we should.
NBC Experience Store window display decorated with Sochi 2014 XXII Olympic Winter Games logo in Rockefeller Center in Midtown Manhattan on December 19, 2013.
In the past few weeks alone we’ve read about high-value breaches at leading retailers such as Target Corporation and Neiman Marcus but with the exception of those directly affected, it didn’t seem to cause much of an uproar or major shock amongst the common consumer. But as any security expert will tell you, you are always at your most vulnerable when your guard is down. That’s why in situations like walking to your car in a parking garage, you should always aware of your surroundings, have your keys in your hand, look around to see if anyone following you, avoid talking on your cell phone, etc. These steps make you more vigilant and less of an inviting target.
Leading into the London Games a couple of years ago, cyber security was at the forefront of the conversation because there was much speculation that a significant attack was going to take place. I believe that part of the reason an attack never took place was not only the expertise and dedication of the security team, but the level of focus and vigilance of those working and attending the Games. While those waiting to write a big cyber story from London may have been disappointed, I believe the London Games represented one of the crowning achievements of our industry. I wrote a piece just after the games that marking the significance of the achievement:
Maybe no news really is good news. I realize a lead that says ‘Nothing Happened’ isn’t going to excite a lot of people, but when the entire world is watching and almost expecting a significant cyberattack, the fact that the cybersecurity team for the London Olympics left them all wondering why an attack never materialized isn’t just good news – it’s big news. The Games, dubbed the largest social media event of all time and the most technologically-dependent Olympiad in history, went off without a hitch. So how in the age of sophisticated threats and non-stop attacks were they able to accomplish this? Largely by being proactive through the use of predictive security measures which allowed them to identify and prioritize critical functionality. Full piece can be found here.
Heading into Sochi it feels like a completely different scenario. Over the past couple weeks we’ve seen reports of terrorist attacks in the region and have heard of Russian authorities seeking persons of interest known as “black widows.” These storylines will, and should, understandably dominate the news cycles leading up to and throughout the games. I read a story this morning on Yahoo News quoting veteran security consultant Bill Rathburn. “The security threat is higher than it’s ever been in the history of the Olympic Games,” Rathburn told Yahoo News. “In my opinion, it’s not a matter of whether there will be some incident, it’s just a matter of how bad it’s going to be.” Rathburn is a former police chief in Los Angeles and Dallas and directed security for the 1996 Summer Games in Atlanta. He’s also served in various planning roles for six other Olympics. In short, he knows what he’s talking about.
So while cyber may not be the number one priority this time around, it can’t be ignored. My advice to those attending the Games or interacting with Olympics-related sites is to stick to the basics and keep it simple.
• Make sure the Web sites you are visiting are legitimate
• Don’t click on links from people you don’t trust, no matter how intriguing or sensational the headline may be
• Don’t ever give personal information to unconfirmed sources
• Check your account balances frequently to ensure your accounts haven’t been compromised
• Change your passwords, make sure they are of proper strength and don’t use the same password across accounts
• Be careful with what you share online, your friends aren’t the only one who can see this information
• Be vigilant! If something doesn’t seem right, it probably isn’t.
While it’s sad that physical and cyber security are main topics at the world’s largest goodwill events, it’s become a sign of the times in which we live and should be treated as an event in and of itself.
Mark Hatton is president and CEO of CORE Security. Prior to joining CORE, Hatton was president of North American operations for Sophos. He has held senior roles with companies ranging from venture capital-backed, early-stage software vendors to a Fortune 500 information technology services and distribution organization. Hatton holds an MBA from Boston University, Massachusetts and a BA Communication from Westfield State College, Massachusetts.Previous Columns by Mark Hatton:Will Security be Sochis Most Watched Event?As Security a Professional, What Will You Be Focused on in 2014?The Grinches Who Stole SecurityWhat Would Nostradamus Have Said About Cyber Security in 2014?Think Like an Attacker for Better Defensive Capabilities
Tags: INDUSTRY INSIGHTS