SECURE the Games: Cyber Risk Strategies for Major Events

SECURE the Games: Cyber Risk Strategies for Major Events by Stern Security

by | Feb 7, 2025 | Strategy

Background

Thousands of wide-eyed spectators around the world were getting ready to watch the Olympics, one of the largest events in the world.  Suddenly the main website for the Olympic games goes down.  The website was not only informational, but it was also the online ticketing system so in-person spectators couldn’t retrieve tickets.  Next, the wi-fi at the games went offline leaving many individuals without connectivity to the outside world.  This happened at the 2018 PyeongChang Winter Olympics in South Korea after a successful phishing attack and malware dubbed “Olympic Destroyer” spread through the compromised network.  Connectivity was restored within a few hours at the 2018 games.  Unfortunately, cyber-attacks are common occurrence at large events.  This is why one must SECURE the Games by implementing solid cybersecurity measures.

Olympic Interview

Jon Sternstein, the Founder and CEO of Stern Security was interviewed by Spectrum News before the 2024 Olympic games in Paris to discuss protecting large events.  In the interview, Sternstein discussed previous attacks at Olympic games.  He discussed how event organizers have their work cut out for them at the games.  Finally, he concluded with a mnemonic, SECURE, he uses to educate event attendees for staying protected.

S – Sources: Use only known good sources of information.

E – Enable updates: Keep devices up to date with the latest patches.

C – Caution with links: Be careful about clicking on links.

U – Use official apps: Only use official apps for event information.

R – Restrict network access: Be careful when joining unknown networks.

E – Enable MFA: Enable multi-factor authentication.

Spectrum News 1 Interview with Jon Sternstein, Founder & CEO of Stern Security

A segment of Jon Sternstein’s Olympic interview can be found here: https://spectrumlocalnews.com/nc/triangle-sandhills/news/2024/08/03/tech-news-and-trends

Quantifying Risk at Large Events

To make the best business case for increasing cybersecurity at major events, one must quantify the risk.  Disruptions to ticketing systems have a direct financial impact that can be calculated.  This is the same with customers asking for refunds because of the inability to retrieve tickets or attend events.  Customers losing confidence in the ability for organizers to have a smooth event, may impact future ticket sales as well.  A cyber attack that limits the ability for spectators to enter a venue (disrupting ticketing systems, misdirecting individuals, etc…) affects concession sales, merchandise sales, and sponsors at the event.  Sponsors may even be less willing to sponsor future events if they lose confidence in the ability for event organizers to pull off a secure event.  Cybersecurity teams can use the financial loss data from quantifying cyber risks to receive the. necessary budget and optimize cyber costs at the event.

The CIA Triad and Large Event Security

The core pillars of cybersecurity are Confidentiality, Integrity, and Availability.  Large games such as the Super Bowl and the Olympics need to cover all three pillars to have a smooth event.

Confidentiality: It is essential to protect attendee data, athlete/celebrity/VIP data, media/programming content, and secure communications.

Integrity: Ensuring that directions, results, ticketing, broadcasts and aren’t tampered with.

Availability: Keeping official communications, apps, ticketing, payment systems, and broadcasts online.

SECURE Mnemonic for Attendees

Stern Security created the mnemonic, SECURE, to help event attendees have an easy way to remember protective measures. 

SSources: Event attendees should only use known good sources of information.  Use the official webpage for an event to receive the schedule, ticketing information, seating, and transportation information.

EEnable updates: Keep devices, including phones and laptops, up to date with the latest patches.  Attendees and spectators may be targeting by malware and it is essential to keep electronic devices up to date.

CCaution with links: Always be careful about clicking on links.  Criminals will often send spam, phishing emails, or malicious advertisements that target event attendees.  Only click on links that are trusted and necessary.

UUse official apps: When attending an event, only download and use the official app, no matter how tempting other events look..

RRestrict network access: In-person attendees should be careful when joining unknown networks.  There may be many “free wi-fi” networks that may be malicious.  Utilize your cellular connection instead of joining wi-fi networks if possible.  If a wi-fi network is needed, only connect to the official guest network that is listed on the official event details.

EEnable MFA: Enabling multi-factor authentication is an absolute necessary security measure to protect your account.  Don’t let criminals get into your account and take your expensive tickets.

Quantifying Cyber Risk and ROI with Velocity

Cybersecurity is often viewed as an expense rather than an investment until an incident occurs.  Stern Security’s Velocity platform helps organizations move beyond vague cyber plans and ineffective gap assessments by delivering quantifiable metrics, optimizing cyber costs, calculating cyber ROI, and prioritizing protective measures.  Use Velocity’s data-driven intelligence to increase security.

Conclusion

As more criminals direct their attention towards large gatherings such as the Olympics and the Super Bowl, cybersecurity professionals must be proactive in their defense efforts.  In order to get the needed resources to protect an event, cyber defense teams must quantify risk and show the likelihood and impact of a cyber threat. The SECURE mnemonic can be used by attendees to have an easy way to remember how to protect themselves while attending events.  When performed effectively, cybersecurity defense measures will help large-scale events operate without incident.