By: Rachel Dodd
This winter South Korea is hosting the 2018 Winter Olympic Games in Pyeochang. On February 9th, viewers from all over the world tuned in to watch the spectacular opening ceremony. However, just a few days after the ceremony, Cisco’s information security branch, Talos, confirmed that a cyber-attack occurred during the Olympic Games opening ceremony. This attack caused the official website to shut down for twelve hours, the Wi-Fi connection in the Olympic stadium to disconnect, and left televisions and internet in media rooms inoperable.
Talos identified the malware that was responsible, which was named “Olympic Destroyer”. Researchers noted that the malware focused on taking down systems and wiping out data, more specifically deleting files and their backup copies. Fortunately, the attack was far less damaging than it could have been. However, suspects of the attack have still not been identified by officials.
This is not the first year that Olympic Games have been the target of attacks. At the Beijing, London, and Rio Games, ticket scamming, DDoS attacks, and other attacks against IT infrastructure occurred. A study conducted by University of California Berkley’s Center for Long-Term Cybersecurity, identified four core types of cyber-attacks related to major sporting events; the infiltration of sporting websites and IT systems, ticket-related scams, the hacking and release of sensitive athlete data, and the risk of fans being hacked while attending a sporting event. With the increase in technology and innovation in the sports world, cybersecurity inevitably will continue to be problematic, if not worsen.
Unfortunately, the impact and seriousness of cyber-attacks may not be fully realized by companies’ employees, as evidenced by the lack of security awareness training. Furthermore, only 50 percent of CEOs felt prepared for a cyber-attack in 2015. In the first half of 2016, 3,046,456 data records were stolen every day, which amounts to 35 records stolen every second. The average annual loss of money per businesses worldwide in 2016 was $9.5 million. The prevalence of cybercrime will only continue to rise, costing business all over the world over $2 trillion by 2019.
The attack that occurred at the 2018 Winter Olympics serves as a great example of how damaging insufficient cybersecurity measures can be and the importance businesses place on cyber-security risk management and awareness. Betsy Cooper, executive director of the Center for Long-Term Cybersecurity at UC Berkley stressed the importance of organizations and enterprises in evaluating their short-term, medium-term, and long-term risks so that they can then invest in risks that will affect them the most. As cybersecurity attacks continue to happen to highly publicized events like the 2018 Winter Olympics, businesses hopefully will start to realize the value in strengthening their information security protections and awareness.
Note: The views expressed above are solely those of the author(s) and do not reflect any official position taken by the Information Security and Privacy Law Student Group, the Washington College of Law, or American University at large.