Watch for Cybersecurity Games at the Tokyo Olympics
Truth #1: What You See Is Not What You Get
Enterprises often genuinely believe they have a complete hardware asset inventory and, therefore, a comprehensive security approach. But this is rarely the case. In fact, more than 60% of IT managers have an incomplete inventory of their IT devices. Whether a device is unmanaged, hiding, or spoofing a legitimate one, there are serious, unintentional gaps in enterprises’ hardware inventory.
Thinking that all assets are accounted for may be more dangerous than knowing there are some gaps left open. In this situation, the enterprise will not have an effective incident response process in an attack, and the origin of the attack will be difficult, if not impossible, to determine. And, with the Tokyo Olympics relying heavily on technology, the number of devices in use will be extensive, making the risk proliferate significantly. (By point of comparison, the 2018 Winter Olympics relied on more than 10,000 PCs, more than 20,000 mobile devices, 6,300 Wi-Fi routers, and 300 servers.) Enterprises must make more concerted efforts to ensure they have a complete asset inventory by gaining visibility of all OSI layers.
Truth #2: You Undervalue Yourself
Attackers might be sophisticated, but this does not necessarily mean they use their skills to infiltrate a target directly. Sometimes, sophistication means working smarter, not harder; the supply chain allows for the former.
Highly protected targets can be very challenging to infiltrate and, thus, their less-secure suppliers are often a point of infiltration for bad actors. Either the supplier will have access to the target’s confidential information or will provide the cybercriminal a pathway (via hardware or software) into the target organization. Supply chain attacks were up sevenfold in the last half of 2020, and this figure will continue rising without major reform. And, with critical infrastructure relying on large supply chains, the Olympics has many entry points. Small organizations who believe themselves to be of no value might just be the barrier (or entry point) between attackers and their target. In 2019, 66% of small and midsized businesses (SMBs) said they believed a cyberattack was unlikely, but 67% of SMBs fell victim to one. In today’s interconnected environment, enterprises, no matter their size or nature of operations, must significantly expand their threat landscape awareness; the supply chain is counting on it.
An Extra Year of Training
The postponement of the Tokyo Games to 2021 gave the athletes — and the Olympics cybersecurity teams — an extra year of training. Moreover, increased attacks during the COVID-19 pandemic should have reinforced the importance of advanced cybersecurity efforts. In just a few weeks, the world will watch as athletes compete for gold. Those of us in the cybersecurity world will be watching for any signs of a possible attack. You have your thrills; we have ours.