3 Things Enterprises Can Learn from The Winter Olympics Hack


By now you’ve probably heard the news: The 2018 Winter Olympics in PyeongChang, South Korea, suffered a hack during the opening ceremonies, affecting their website and television services. While the damage was not lasting—some of the systems were wiped but not so deeply as to be insurmountable—it forced the Olympic organizers to shut down their servers for 12 hours. According to organizers, the hackers did not compromise crucial operations. The identity of the hackers, and their motivations, have not yet been confirmed, although a nation-state actor is highly suspected.

The Opening Ceremony hack is not the first of its kind, but it is another global demonstration of the chaos and disruption threat actors can wreak on enterprises and organizations alike. Therefore, it is important for enterprises to learn from the circumstances surrounding this attack and prepare their security analytics policies and capabilities accordingly.

Here are the 3 things your enterprise can learn from the Winter Olympics hack.

1. Your Reputation Can Be Just As Vulnerable as Any Database

Keeping your databases secure is obviously the number one priority of any SIEM or endpoint security platform. Your data and financial information are lucrative targets for the unscrupulous. But not every hack is meant to steal data. Instead, as we’ve seen in the Winter Olympics hack, the prime goal of a cyber attack can be to sow humiliation and chaos.

The IOC have been handling the hack remarkably well, but they still had to deal with 12 hours of downed servers and lost online ticket sales. They did suffer a humiliation on the world stage in front of millions of people, and their business was disrupted, however briefly. The sheer amount of press this security incident received should prove the former point.

As an enterprise, you too can suffer a hack that aims only to disrupt your daily business and make you look the fool. And unlike the Olympics, you may not be able to bounce back so easily. This is why having a solid incident response plan, having a solid SIEM solution or security analytics platform, and participating in constant monitoring of your enterprise’s activity is so vital—once a hacker gets in, they essentially have free rein over your servers. And they’ll never use that power for your good.

2. There are Often Warning Signs Before a Large Cyber Attack

Earlier this year, we actually reported on phishing attempts on the 2018 Winter Olympics organizers. At the time, they were traced to Russian intelligence agencies, motivated by revenge for Russia being banned from the games this year due to a mass doping scandal.

Russia denies any involvement in any hack, but whether they were involved or not is not the big takeaway here. Instead, it is that smaller digital security incidents often precede larger ones. The Equifax breach saw much of the same behavior from their hackers. The process is not all that dissimilar from fraudulent credit card purchases; the criminal will make a small purchase to test the bank’s detection system and their victim’s awareness before making the more devastating purchases.

Therefore, even the smallest security incident should be treated with the utmost suspicion and seriousness. It could be laying the groundwork for a larger strike against your enterprise. If your security team detects a vulnerability or an exploit, no matter how minor it seems, it should be patched immediately. This could be the first step in keeping a security event from becoming a security incident.

3. Know What to Share After a Cyber Attack and When

The IOC have remained largely silent on the hack, only confirming that they were hacked but refusing to name suspects. IOC spokesman Mark Adams said in a statement: “We are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure.” He also added that “best international practice says that you don’t talk about an attack.”

That last point is questionable as a blanket statement. The Uber scandal, which is continuing to unfold in inquiries, has focused on their deliberate cover-up of the attack last year. Equifax has quite fairly been raked over the coals over the past few days for failing to disclose their massive data breach until 4 months after the fact, and then failing to admit to the full extent of the breach. Octoly’s social media influencers called the company out for failing to disclose the potential exposure of their identities until a month later.

So when it comes to talking about your enterprise’s hack (should the worst happen) the key to how much to divulge is context. If you have reason to suspect that consumers’ or employees’ data has been compromised, you need to alert them immediately. You should also alert relevant regulators and investors as soon as possible, so they can prepare and monitor the situation accordingly. Keep your PR and legal teams informed via your incident response plan so in the event of a cybersecurity incident they can advise you how much information you have to divulge, to whom, and how to do so.

However, it is crucial to always be honest about the extent of a hack, so far as you know or understand it. The truth tends to come out about hacks. Lying will do your enterprise no good in the long run…but preparation can only bring good.  

Ben Canner

Ben Canner is an enterprise technology writer and analyst covering Identity Management, SIEM, Endpoint Protection, and Cybersecurity writ large. He holds a Bachelor of Arts Degree in English from Clark University in Worcester, MA. He previously worked as a corporate blogger and ghost writer. You can reach him via Twitter and LinkedIn.