Securing the Paris Olympics: Balancing AI Innovations & Heightened Cyber Threats

By Tyler Young, CISO at BigID

The countdown to the Paris 2024 Olympics is on, and it’s crucial to defend the Olympic stage against cyber threats.

Cyberattacks targeting the Olympics are not new, but their frequency and sophistication have increased over the years. For example, the 2018 Winter Olympics in Pyeongchang, South Korea, experienced a cyberattack resulting in a Wi-Fi outage malfunctioning internet protocol TVs, which resulted in the shutting down of the Winter Olympics website.

This disruption prevented attendees from printing reserved tickets and attending the ceremony. Since 2018, these attack efforts have only grown. In fact, according to NTT, the total number of security events blocked during the Tokyo 2020 Games, including unauthorized communications to the official website, was 450 million.

So, today, a strong plan is needed to ensure safety against the intersecting threats of advanced AI and increased cybersecurity risks.

Anticipating Increased Attacks and Disinformation Campaigns at the Paris 2024 Olympics

The cybercrime economy continues to grow and was reported to be the third largest economy in the world, behind only the U.S. and China. Additionally, large events like the Olympics have always been prime targets for cybersecurity attacks due to their large audience, complex infrastructure, and data-rich environment.

We should expect ransomware gangs to continue to target organizations by exploiting rudimentary tactics (like phishing and unpatched systems).

Franz Regul, CISO at the Paris 2024 Olympics, recently said he expects this year’s Summer Games in Paris to have eight to 12 times more security events than 2020.

Since February of this year, security incidents have already disrupted the preparations for the Games. French media have reported on multiple separate incidents, including the theft of laptops that allegedly contained information about security matters related to the Olympics.

Additionally, Russian propagandists created a disinformation campaign with AI deepfakes to flood social media with short videos raising alarms about possible terrorist attacks and stoking fears about safety.

Embracing AI to Enhance Performance, Fairness, and Security

AI has made it easier for people with limited hacking abilities to carry out cyber attacks, but industry experts know that AI can also be a valuable tool in defending against these attacks as well. The International Olympic Committee should take a cue from businesses and leverage AI to protect against cyber threats.

According to “The 2024 Global Report on Generative AI: Breakthroughs & Barriers”, the security risk of data breaches or ransomware attacks is the top influence when adopting AI.

If Olympic committees turn to AI, it's crucial for them to maintain control over the kind of data that these AI systems are trained on. As the age-old saying goes, “You can't protect what you don't know.” AI comes with its own set of risks and concerns, including sensitive data exposure.

When language models are trained using data that contains sensitive or regulated information, it can result in unauthorized exposure, access, and breaches. It's essential to have robust data governance and controls in place to prevent such incidents.

Enhancing Cybersecurity Measures Ahead of The Games

The Olympic Committee needs to adhere to industry standards to maintain a strong data security posture. Proactively detecting and addressing data security vulnerabilities is essential.

BigID’s 2024 State of Data Security Report highlights that 63% of CISOs prioritize proactive risk detection and remediation for data security, as only scanning data isn't sufficient.

Deploying advanced cybersecurity measures in any business, much less the Olympics, requires a delicate balance. It's imperative that the Olympic Committee and host countries operate efficiently with zero disruptions. In order to effectively accomplish this, they need to adopt Secure by Default principles and be innovative with their solutions.

Taking into consideration existing business processes and wrapping security technologies around them is extremely important. Secure by Default takes critical processes, systems, and solutions and bakes security measures natively into the operations.

Another critical component of this evolving strategy is employee education and awareness. The human element often plays a significant role in data security. By ensuring that all employees, especially those interacting with AI systems, are well-versed in best practices for data management and aware of the potential risks, companies can create an additional layer of defense against data breaches.

Training programs should be regularly updated to reflect new developments in AI technology and emerging security threats.

Lastly, security leaders can leverage threat intelligence data—regardless of the industry—to deeply understand upcoming geopolitics and cyber-related chatter and how this may impact them.

Cybercriminals and nation-state attackers begin to make moves by spinning up infrastructure, registering domains, and implementing government plans such as the five-year plans prior to launching an attack. All of this can be correlated and detected by leveraging the right amount of threat research and data.

Ensuring Integrity and Safety at the Olympics Through Robust Cybersecurity

By prioritizing these measures, the Olympic Committee aims to ensure a secure and forward-thinking Olympic experience. In light of AI's increasing influence, the Olympic Committee will likely allocate equal or greater resources for the 2024 Games to prevent attacks and enhance cybersecurity measures. But it’s necessary.

This commitment not only upholds the Games' integrity but also safeguards participants, spectators, and global stakeholders from potential cyber threats, thereby creating a safe and innovative environment for all.

While the laundry list of priorities for security leaders to keep their organizations safe varies and changes from organization to organization, it is crucial to foster open dialogue, innovation, and policy development. By embracing AI while staying informed and implementing robust security practices, security practitioners can harness its power and safeguard against emerging threats.