8 Cyber-Security Lessons Learned From the Rio Olympics

The 2016 Summer Olympics drew big crowds—and its share of cyber-security attacks. Here are some of the lessons learned from Rio, and ways to stay protected.

This is one of the simplest ways to avoid risks and threats. Review your network consistently, applying patches, as needed, to defend against known vulnerabilities.

In the data dumps out of the Olympics, some of the passwords and other sensitive information were in clear text and not protected at all. It’s basic, but making sure your data is encrypted can help prevent embarrassing and costly revelations after a hack.

Implement a security solution that includes protection from network- and application-based DDoS attacks, as well as volumetric attacks that can saturate the internet pipe.

By using on-premises systems for detection and mitigation, combined with cloud-based protection for volumetric attacks, you’ll be better able to snap into action should your network be hit by a DDoS attack.

When you use cloud storage, you don’t necessarily know who your neighbors are on your providers’ servers. If one of them is the target of a DDoS attack, the damage could spill over to your properties. Make sure you know your cloud provider’s architecture and security policies, and whether it can separate clean and malicious traffic.

If the data dumps coming out of the Olympics cyber-attacks are verified, they likely were obtained via an injection-based attack, like a SQL injection. Make sure your security solution blocks these kinds of attacks.

Put a strategy in place and tap the right people to carry it out long before any attacks occur. If you don’t have a plan or haven’t revisited it in a while, and if you haven’t designated specific team members to specific roles during an attack, do so now.

Just being associated with the Olympics led to attacks against some organizations. It’s reminiscent of when Nissan was attacked by anti-whaling activists simply because it’s based in a country that hunts whales. You might not be able to anticipate these kinds of attacks, but if you run your security assuming attacks are a matter of when, not if, you’ll be better prepared when they do hit.