8 Cyber-Security Lessons Learned From the Rio Olympics
The 2016 Summer Olympics drew big crowds—and its share of cyber-security attacks. Here are some of the lessons learned from Rio, and ways to stay protected.
Maintain and Inspect Your Network Often
This is one of the simplest ways to avoid risks and threats. Review your network consistently and apply patches as needed to defend against known vulnerabilities.
Encrypt Your Data
In the data dumps out of the Olympics, some of the passwords and other sensitive information were in clear text and not protected at all. It’s basic, but making sure your data is encrypted can help prevent embarrassing and costly revelations after a hack.
Guard Against Multi-Vector Attacks
Implement a security solution that includes protection from network- and application-based DDoS attacks, as well as volumetric attacks that can saturate the internet pipe.
Combine On-Premises and Cloud for Better Protection
By using on-premises systems for detection and mitigation, combined with cloud-based protection for volumetric attacks, you’ll be better able to snap into action should your network be hit by a DDoS attack.
Be Ready for Collateral Damage, Even if You’re Not Part of a Big Event
When you use cloud storage, you don’t necessarily know who your neighbors are on your provider’s servers. If one of them is the target of a DDoS attack, the damage could spill over to your properties. Make sure you know your cloud provider’s architecture and security policies, and whether it can separate clean and malicious traffic.
Stop SQL Injections and Other Web-Based Attacks and Intrusions
If the data dumps coming out of the Olympics cyber-attacks are verified, they likely were obtained via an injection-based attack, like a SQL injection. Make sure your security solution blocks these kinds of attacks.
Assemble an Emergency Response Team and Plan
Put a strategy in place and tap the right people to carry it out long before any attacks occur. If you don’t have a plan or haven’t revisited it in a while, and if you haven’t designated specific team members to specific roles during an attack, do so now.
If You’re in the Public Eye, Assume You’ll Be Attacked
Just being associated with the Olympics led to attacks against some organizations. It’s reminiscent of when Nissan was attacked by anti-whaling activists simply because it’s based in a country that hunts whales. You might not be able to anticipate these kinds of attacks, but if you run your security assuming attacks are a matter of when, not if, you’ll be better prepared when they do hit.