Here are some reminders to CISOs about the major threats involved with the global event, and how to protect your workplace.
A not-so-fun fact: the number of reported cyber incidents during the Paris Olympics could be as much as ten times greater than witnessed previously at the Tokyo event, where 450m individual cyberattacks had been reported.
Based on these numbers, we should be anticipating maybe a billion individual cyberattacks throughout the Paris event, since cybercriminals are expected to use generative AI (not in vogue at the previous Olympics) to create everything from fake travel documents and event tickets to accommodation and holiday offers to lure unsuspecting individuals.
Further complicating matters, many employees use cloud-based centralized collaborative office-productivity suites on their mobile devices, so any threat of business email compromise or phishing has the potential to impact the entire enterprise ecosystem, especially through Olympic-linked lures…
The impact from cyberattacks and fraud linked to the Games will be widespread unless properly contained. How?
Using behavior-based AI threat detection
Despite advancements in technologies and AI, one thing remains constant: the human element.
Humans are fallible, and threat actors know this well enough to frequently exploit vulnerabilities through phishing and social engineering campaigns to gain a foothold in their victim’s network.
While many breaches can be prevented with basic cyber hygiene tactics, most organizations continue to invest in protecting their network perimeter rather than focusing on much-needed security controls that can effect positive change to protect against the leading attack vector: lateral movement.
CISOs should consider investing in building a layered approach of not only preventative controls, or looking at known behavior patterns, but also understanding and mitigating unknown threats. These threats require visibility, content and controls, with strategic security partners able to provide significant support in these areas. Behavior-based AI-driven detection is the key to catching unknown threats and attackers deploying new, evasive methods.
Promoting safer employee behavior
Effective cybersecurity awareness campaigns always consider the psychological aspects of human behavior. They aim to engage users by addressing cognitive biases, employing behavioral psychology principles and using relatable examples to promote safer online practices.
For example, just reminding employees about the threats of GenAI may not have enough impact on its own to create the desired awareness and behavior change levels. However, if you provide context and real-life examples this quickly changes things: “There have been a lot of cases recently where people have been caught out by Olympic-related scams like phishing emails or other fraudulent activities — often when using their work devices — which has exposed their workplace to cyber threats. It could be you the next time, so please be aware and take preventive steps.”
By training employees, users and customers to be aware of these biases, and simultaneously developing strategies for mitigating their effects, cybersecurity professionals can make more accurate judgements and decisions, and ultimately improve the security and resilience of their digital assets.
The Olympics as a cyber-training benchmark
Taking the necessary steps to defend against the growing threat of AI-powered attacks within your organization can help guard against costly long-term security breaches, protect organizations from evolving attacks, and ensure we are able to enjoy and celebrate significant events such as the Olympic Games.
The large-scale event may be a battle for sporting dominance, but if we can secure our workplace from the massive cyber threats that it attracts, we would have benchmarked our organizational cybersecurity posture against a worthy baseline.