What are the cyber challenges for organizations?


As the Paris 2024 Olympic Games approach, cybersecurity issues are more critical than ever. Organizations must anticipate massive attacks, potentially 8 to 10 times more numerous than during the Tokyo Olympics, and prepare accordingly to protect their infrastructure and sensitive data. Discover the cyber events of CISOs and their companies during this Olympic year.


By Stéphanie Ledoux, CEO of Alcyconie


The Olympic Games are the most watched sporting competition in the world. They represent a wonderful opportunity to shine the light on an entire country by attracting audiences and media from around the world.

In an ultra-connected world, attracting visibility also means attracting cybercrime.

This is in essence what was stated by Franz Regul, head of information systems security for the Paris 2024 Organizing Committee: “Today, the entire organization is based on technology. And wherever there is technology, there are cybersecurity questions and concerns.”

There is little doubt: the Olympic and Paralympic Games will be a playground for athletes but also for cybercriminals from around the world who will turn to France. Contrary to what one might imagine, cyberattackers will not only target the event but a much broader ecosystem of companies, institutions and individuals.

The volume of attacks is likely to be unprecedented. Experts estimate that we could face cyber threats potentially 8 to 10 times more numerous than during the 2021 Tokyo Olympics, during which no less than 450 million cyberattacks were recorded!

Cyberattacks carried out by whom, for what reasons, with what means? How can you prepare for it? How can we ensure that we have sufficiently anticipated possible crises… to envisage the best possible outcomes?

A wide range of threats

Attacks for financial gain, hacktivism, destabilization, espionage… Cybercrime takes a multitude of forms and can serve various purposes: state groups carrying out destabilization or sabotage actions for geopolitical purposes; groups of independent attackers with purely financial objectives, acting through phishing and ransomware campaigns; groups of hacktivists, whether in the pay of states or not, seeking to get their messages across to the widest possible audience.

Well-known cyber threats that we will likely face during the 2024 Olympic Games include: DDoS attacks, which will certainly be used to disrupt the holding of the event; phishing emails, which will largely be contextualized around the Olympic and Paralympic Games; ransomware, which during the Games will certainly target more particularly companies operating in sensitive sectors or linked to the event, in order to put maximum pressure on victims with a view to obtaining payment of a ransom; or even the defacing of websites by state or non-state hacktivists to promote ideological messages, propaganda, etc.

So many formidable scenarios, for which you must know how to prepare.

Like athletes, businesses must train

Athletes prepare for months to be ready for the big day. For companies, the metaphor is apt: they must not be caught off guard or paralyzed by shock when the attack occurs, or when a suspected data breach or exfiltration arises. But are they as well prepared as our athletes?

During a cyberattack, time management becomes crucial as the infection and its effects spread quickly. Very often, companies waste considerable time identifying and mobilizing the right people, thus hindering their ability to make the right decisions quickly.

In the context of a cyber crisis, having a crisis management team ready to react is essential. The first of the stages of cyber crisis management training is to have defined the “typical team” or crisis unit, which must be brought together to order and manage the crisis.

The typical team and substitutes

The typical team is therefore the crisis unit (the incumbent team) ready for mobilization. Although this may vary depending on the activities and structure of the company, a typical team always emerges. It is generally made up of the crisis manager, a crisis secretary (in charge of maintaining a logbook recording the history of crisis management) and finally the key departments: Communication, HR, Finance and IT, without forgetting the legal manager and the DPO, if there is one.

Substitutes are not just understudies; they play a crucial role. When they come into play, they bring complementary expertise, cover a broader spectrum, or allow continuity during vacations or unavailability. This assumes that the substitute team's members (e.g. the sales director, operations directors and directors of subsidiaries or factories when they are involved, etc.) are trained in the same way, and can be mobilized quickly to take over.

The importance of training in real conditions

Once the team is formed, it must have a game plan, otherwise called the cyber crisis management plan (CMP). This plan describes the steps to follow in the event of a cyber attack, from several points of view: governance (who the members of the crisis unit are, how to communicate continuously, how to take rapid decisions, etc.), internal and external communication, organizational (operation without internet, without access to the network, teleworking or conversely by imposing work exclusively on site, etc.) and technical (system restoration and data recovery, etc.).

The company’s strategic game plan for managing a cyber crisis must be regularly tested and revised to guarantee its effectiveness and adapt to rapid changes in the company (employees, managers, tools, the company itself when it makes acquisitions or opens factories, new offices and subsidiaries, etc.). All these developments expand the attack surface and make the response to a cyberattack more complex. With a well-designed CMP, everyone knows their mission, the rules and the right reflexes, so as to act quickly.

A cyberattack is like a match, a competition. Preparing your team, knowing the roles and mentally putting yourself in the situation make it possible to manage the pressure and contain the effects of the attack on the organization, its employees, its customers and its essential activities. A cyber attack puts companies and their employees in situations of high stress and uncertainty: it is therefore essential to train with a scenario, that is to say by simulating a realistic attack context (with simulated scenarios of social engineering, intrusion, unavailability of the information system, data exfiltration, disinformation on social networks, etc.). This empirical approach makes it possible to assess the company’s level of preparedness and improve emergency management processes.

Obviously, the sports analogy has its limits. The crisis management team does not need daily or weekly training. Exercises carried out every 6 to 12 months help keep a collective mobilized and ensure that all its members are ready and informed.

Advancing organizational resilience

The Olympic Games are a high point of this year 2024, critical for the cybersecurity of French companies. New regulations like DORA or NIS 2 are signs of a digital transformation that continues at high speed, bringing its share of threats and attacks. Accepting cyber risk means preparing for it: like athletes, let’s train to be ready and not fail on the day of the event.

Knowing how to deal with cyberattacks does not entitle you to a medal, but it can save your company from serious economic and reputational consequences. It is by training ourselves in cyber crisis management that we will know how our resilience capacity is progressing. The benefits in terms of serenity, trust and cohesion within organizations will be the right rewards.
