The Biennial Cyber-Threat: How to Keep Your Company Safe During the Olympics
With the 2018 Winter Olympics in full swing, these biennial Games may already be challenging the stamina and commitment of your security team almost as much as that of the athletes involved.
How can the Olympics in faraway PyeongChang be a threat to you? Malicious actors know that many of your employees will be tuning in to the Games from work. Those actors can then use the Olympics to launch far-reaching malware campaigns as well as more targeted attacks.
In fact, Olympic officials confirmed that the Games themselves were already the target of a sophisticated attack during last week's opening ceremony.
While the majority of businesses will not find themselves singled out in such blatant fashion, they should still prepare for the possibility of a barrage of spam emails and other attempts designed to lure their employees into clicking on links or downloading files that could infect their companies' machines and overall networks.
And that will only get worse before it gets better: As the Winter Games move closer to their grand finale, this potentially damaging email traffic will only increase during the final rounds of popular events and the coverage of the closing ceremonies.
Business leaders should accept that, whether they like it or not, many employees are getting their updates and video highlights at work, and that is why organizations are seeing their network traffic soar.
During the Summer Olympics, in Rio in 2016, the network broadcasting them -- NBC -- provided over 4,000 hours of streamed content. Amid all the resulting traffic, according to a survey by WAN-optimizer Riverbed Technologies, 69 percent of organizations polled reported at least one network issue caused by employee access to Games content.
This surge in network activity and monitoring volume provides an effective screen for malicious actors, who can hide their activity amid the noise, the change in traffic flows, system-usage anomalies and, frankly, chaos. Network monitoring can be expected to be flooded. And that will mean that individual events will be far less visible, maybe even lost, in the static, while end-users are bombarded with opportunities to view content that may or may not be authentic.
What you can do to protect your network
To minimize the likelihood of experiencing an unplanned Olympic "downhill event" in your own security management program, here are five recommendations for dealing with this upsurge during the Games:
Partition corporate and BYOD traffic. While many employees attempt to access Olympic coverage at work, most do so from their personal devices. Where possible, it's always a good idea to create one network for approved corporate traffic and a separate, second one for employee/guest device connectivity.
In this way, you might be able to use the Olympics as a catalyst to create that second, less-trusted network that you’ve always wanted, restricting potentially untrusted traffic to a second, partitioned network.
Inform your employee users that network activity is going to be monitored even more closely than usual. Let them know that increases in traffic and traffic types are expected during the Olympics, and that the organization is going to step up monitoring in order to avoid unexpected network congestion and downtime.
If you can, set some limits or add some restrictions for employee visits to these streaming sites, and to the links they are allowed to visit. For the period of the Olympics, some additional network filtering may be critical to encourage users not to click on links from untrusted sources. They may not hold back because of fear of infection, but they will likely resist the temptation if they think this activity is being closely monitored.
Educate your users about the risks of social engineering. Whether it is inbound emails from what look like national team-related groups, or short-links posted in comments sections of active articles and newsgroups, your users should recognize that smart attackers are using the passion and intensity of Olympics enthusiasts to get them to make mistakes.
Instruct employees how to examine hyperlinks before clicking on them, and show them how to scrutinize URLs to ensure the sites they are visiting are authentic and secure.
Increase your outbound network traffic scrutiny. It's very common for organizations to encounter a spike in inbound traffic as users begin to stream games, updates and communications about their favorite teams and events. While continuing your internal and inbound monitoring is important, it's also important to add some additional checks for unusual outbound behaviors.
Watching outbound traffic gives you a more tractable means of detecting possible internal compromises and breaches, without your having to sort through that spiky influx of inbound media and data.
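One way to implement such an outbound check, as an added example that is not part of the original article: it scores each internal host's outbound byte total against that host's own history using a median/MAD distance, so heavy inbound streaming does not trigger it. The hosts, byte counts, flow-record layout and threshold are all constructed assumptions.

```python
from collections import defaultdict
from statistics import median

# Constructed sample data: per-host daily outbound bytes for the previous week.
BASELINE_OUT = {
    "10.0.1.15": [40e6, 52e6, 47e6, 45e6, 50e6, 43e6, 48e6],
    "10.0.1.22": [30e6, 28e6, 35e6, 31e6, 29e6, 33e6, 30e6],
    "10.0.1.37": [12e6, 15e6, 11e6, 14e6, 13e6, 12e6, 16e6],
}

# Constructed flow records for today: (internal host, remote, bytes_out, bytes_in)
FLOWS_TODAY = [
    ("10.0.1.15", "stream.example.net", 55e6, 9e9),   # heavy streaming: inbound only
    ("10.0.1.22", "mail.example.com", 32e6, 40e6),    # ordinary day
    ("10.0.1.37", "198.51.100.7", 900e6, 2e6),        # quiet host, large upload
    ("10.0.1.37", "intranet.example.com", 13e6, 20e6),
]

def robust_score(history, value):
    """Distance of value above the median, in units of scaled MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    scale = 1.4826 * mad or 1.0  # fall back to 1.0 when the history is flat
    return (value - med) / scale

def outbound_anomalies(flows, baseline, threshold=6.0):
    """Return {host: score} for hosts whose outbound total is far above baseline."""
    out_total = defaultdict(float)
    for host, _remote, bytes_out, _bytes_in in flows:
        out_total[host] += bytes_out  # inbound bytes are deliberately ignored
    flagged = {}
    for host, total in out_total.items():
        history = baseline.get(host)
        if not history:
            flagged[host] = float("inf")  # no baseline yet: surface for manual review
            continue
        score = robust_score(history, total)
        if score > threshold:
            flagged[host] = round(score, 1)
    return flagged

if __name__ == "__main__":
    for host, score in outbound_anomalies(FLOWS_TODAY, BASELINE_OUT).items():
        print(f"{host}: outbound volume {score} scaled MADs above its baseline")
```

The streaming host pulls in gigabytes but stays unflagged because only the outbound direction is scored; the quiet host with the large upload is the one that surfaces.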
Overall, enjoy the Olympics. Root for your favorite athletes (Go, Team U.S.A.!) But also use the Olympics as a catalyst for getting more proactive and strategic about your company's security. From an IT perspective, a positive aspect of the Games is that the challenges they present occupy a strictly defined window of time. You know exactly when the risk period is going to start and how long it's going to last.
And that kind of predictability is a rare thing in cybersecurity. In general, damaging events are far more likely to occur when you least expect them, and mitigation can sometimes stretch on far longer than you'd originally planned. So, as you step back and bolster your network to handle additional threats and traffic these next two weeks of the Olympics, take the opportunity to consider more strategic improvements that can keep your organization more secure the whole year 'round.
The Olympics happen every two years, and their impact on infrastructure and security shouldn’t surprise anyone. Plan ahead. And get your monitoring, backup, endpoint security and disaster recovery in line. With your security ensured, you should be able to celebrate at the end, no matter who is on the medals awards platform.