Rio 2016 is here …..expectations are high for another GB medal haul, but this major sporting event is inevitably going to be a target for cyber attacks
Some facts that will make Rio 2016 a draw for hackers …
- Brazil is already recognized as hub for cybercrime ranking 10th in the Symantec 2015 Internet Security Threat Report
- London 2012 experienced 165 million attempts to breach cyber security , at Rio 2016 it is anticipated that this could be 4 times this….
- 5th August to 21st August presents a significant window for hackers to exploit
- 37 Venues
- 306 Events
- 10,500 Athletes
- 206 Countries participating
- 7.50M Tickets available for the events
- 500,000 overseas travelers expected in Rio de Janeiro
Why The Olympics?
Major sporting events grab the attention of the entire world but unfortunately this also attracts elements of the population who perceive this as an opportunity to be exploited ….. the world of cyber crime.
The threat that cyber crime poses to an event such as this is similar to that which exists for any other business but on a much larger scale and with more dramatic consequences due its high profile and the many threat vectors that exist.
The Cyber Threat Landscape
Some of the targets for cyber criminals are likely to be the following :-
1.The Official Rio 2016 Website
Distributed denial of service (DDoS) attacks preventing access to website by fans.
The accessing of the website by hackers, altering the data such as falsifying the results and interfering with medal tables.
Defacement of the website by a hacktivist.
Spectators and visitors will no doubt access the website via Wi-Fi and vulnerability will exist if they inadvertently log in through a rogue Wi-Fi connection which could lead to the stealing of their personal data.
Ticket fraud with the setting up of bogus websites taking fans money and issuing counterfeit tickets.
Website scamming offering last minute match day tickets for the big events with no ticket actually being produced.
Technology will be pivotal in all aspects of the running of the 37 venues being used in Rio 2016. Entry to the venues, ticketing processing, management of lighting and associated infrastructure would all be impacted in the event of a cyber attack.
4. Competitors Data
The event will involve a huge amount of data ranging from credit card data of spectators, athletes confidential information or the database of the organizers which is likely to be targeted by hackers. This could occur through phishing attacks in order to steal personal private information (PPI)and then lead to possible bank fraud of individuals. Brazil does have an established reputation for on-line banking fraud.
E-mail scamming could be caused by bogus e-mails set up to obtain athletes and officials personal information that could be disseminated over the internet. The endless sending and exchanging of e-mails also presents an opportunity or spamming.
World wide coverage will be provided to this event by television companies who will be reliant on technology and the service could be interrupted or even blacked out by a hacker wishing to cause transmission downtime. For example a video re-run of the 200 m final could be disrupted by a ransomware attack.
7. Computer Network
The spreading of a malware attack within the internal computer network and third party providers could cause enormous interruption to the running of the numerous events taking place. The reliance on technology reaches far and wide ranging from the transportation network to close circuit TV surveillance systems.
8. Mobile Applications
Fake mobile apps devised by developers to give the impression of the official Olympics app. Smartphones area also at risk if stolen and personal data is sourced.
Cyber terrorism could occur in a number of forms. A ransomware attack would limit or entirely restrict the use of computer systems affecting the running of Rio 2016.
There may be political motivation from countries that want to disrupt the Olympics. This could be to make a political stand on an issue or perhaps a country that failed to win an event or perhaps a competitor that was disqualified and the country that was represented takes retaliation.
The threat of remotely controlled drones by cyber terrorist entering an event causing disruption and delay to matches.
Infiltration of social media websites by hackers of the tournament and personal accounts pose a threat to fans , players and officials privacy.
Cyber Risk Management Program
The International Olympic Committee will no doubt have in place a comprehensive cyber risk management program to manage the programs of events which is likely to be broken down into the following :-
- Identification of cyber risk vectors
- The mitigation of cyber risk within the tournament
- The transfer of residual cyber risks that they are unwilling or unable to manage.
Cyber Insurance can assist with the transfer of cyber risks associated with sporting events by providing the following insurance modules :-
- Network Security Liability
- Data Privacy Liability
- Multimedia Liability
- Network Business Interruption
- Data Asset Protection
- Cyber Extortion
- Crisis Management
A cyber insurance policy also provides post breach vendor assistance helping with data breach notification , forensic investigation and public relations.
Rio 2016 is global event that is reliant on technology which does make it especially vulnerable to cyber security threats, it is therefore important that these are recognized and measures are put in place to mitigate the potentially severe consequences that could impact on the games.
Image Credit: rvlsoft / Shutterstock.com