Although the 2024 Summer Olympics brought more than 15 million visitors to Paris and generated $11 billion in economic activity, the Games didn’t just convene excited fans and world-class athletes—it also attracted cybercriminals, as the digital ticketing operation, the surge in commerce, and high-profile athletes, celebrities, and officials attending made for a ripe target.
Such is the recent history of the Olympics, which have faced significant cyber threats before. The 2021 Tokyo Games saw over 450 million cyberattacks— 2.5 times more than during the London 2012 Games—while the 2018 Olympic Destroyer hack caused major problems just before that year’s Opening Ceremony. Experts and law enforcement anticipated that Paris 2024 would be no different, especially given that an IDC report predicted it would be “the most connected Olympic Games ever” and would provide “the highest degree of ease for threat actors to execute attacks” amidst “the most complex” threat landscape.
Yet, the invention of more advanced hacking tactics, rising geopolitical turmoil, and the widespread availability of artificial intelligence meant the Olympic organizing committee had even more to contend with than in past Games. As the Opening Ceremony approached, cybersecurity experts geared up for a wide range of potential cyber threats, including attacks aimed at causing chaos, opportunistic social engineering targeting eager fans, and sophisticated espionage efforts. Thanks to such a proactive approach in identifying threat actors and attack methods, these efforts were largely successful—a ransomware attack on Paris’ Grand Palais data systems a week into the Games (that did not disrupt any Olympic events) notwithstanding, the French authorities and cybersecurity teams effectively neutralized all potential threats.
But now that the Olympic flame has been extinguished after another successful Games, cybersecurity experts should move to redeploy those proven viable strategies and preparedness measures to inform their approach for 2028, as well as other significant international gatherings. Because from high-profile summits like the G20 and NATO to smaller events such as inaugurations, conferences, and music festivals, strong cybersecurity remains crucial to protecting the integrity and safety of every occasion.
Understanding the Cyber Threats Faced at the Olympic Games
A big part of that planning for the future should involve the prevention and mitigation of DDoS attacks, which remain a significant concern as per their frequent occurrence at past Olympics and global events—for instance, the 2012 London Olympics suffered faced a 40-minute DDoS attack aimed at upsetting the Olympic Park’s power infrastructure.
While these DDoS attacks are worrying enough—given how they overwhelm systems with excessive traffic to cripple websites and online services—they’re not the only threat out there to prepare against either, as social engineering attacks are now also a major problem. During the 2024 Olympics, athletes and visitors were especially vulnerable to phishing scams, which have previously exploited the excitement and stress of the event by offering fake incentives like free airfare or ticket upgrades to lure victims into sharing their credentials.
And then there was the potentially catastrophic issue of cyber espionage—or the targeting of government officials and senior decision-makers to gather intelligence on strategies, training, and athlete statuses. Remembering the incident during the 2016 Rio Olympics, where the Russian hacking group Fancy Bear targeted the World Anti-Doping Agency to undermine athletes, French authorities braced for similar, politically motivated cyberattacks from the Kremlin in 2024—especially following Russia’s exclusion from international sports organizations due to its invasion of Ukraine—as well as those from hacktivist groups and state-sponsored actors from countries like China, North Korea, and Iran. While the 2024 Games thankfully did not fall victim to such, these worries remain and necessitate the continued implementation of powerful measures to thwart these threats.
The Importance of Testing Cybersecurity Measures and Training Your Teams
One such measure proven effective during the 2024 Olympics was encryption. By transforming data into a secure format accessible only to authorized users, sensitive information—such as ticketing information, and device communications—was better protected from unauthorized access. Further, complementary implementations included those for network traffic monitoring, multifactor authentication, and the enforcement of strong password policies—all of which bolstered security.
To ensure the effectiveness of such implementations, conducting penetration tests and running tabletop simulations are also key for preparing large events for potential cyber threats. Penetration tests—which cover application testing, network testing, and social engineering campaigns—uncover vulnerabilities in different areas, whereas tabletop simulations help organizing committees gain practical experience in responding to cyber incidents, thus improving their overall readiness and resilience.
Perhaps most important is the performance of regular security audits, which are vital to identifying and addressing potential vulnerabilities within the IT infrastructure. From personal smartphones and work devices to digital ticketing systems and credential scanners, securing every critical device is essential to maintaining the integrity of the event, and periodic, thorough examinations of all systems can help do that. Not only will regular security reviews help ensure that the implemented preventative measures are effective and up-to-date, but any weaknesses will be detected early, allowing for the necessary adjustments to be made in strengthening defenses so that potential threats are mitigated well before they can impact critical operations.
All that being said, it’s not enough to make technical installations and routinely test them—you also must prepare your people. As the 2024 Paris Olympics neared, France’s cybersecurity teams, known as “Cyberwarriors,” underwent rigorous training to address potential threats. Using tools like the MITRE ATT&CK framework, they were taught to visualize potential attack patterns and identify “choke points” where specific security controls would be most effective. Also central to their strategy was Atos, the global IT partner for the Olympics since 2001, who ran the cybersecurity operation center for the 2024 Games while also managing its accreditation systems, scheduling volunteers, and providing real-time results.
Stay Ready to Respond
Together the proactive approach and the effectiveness of the implemented security measures ensured the security of the Paris 2024 Olympics and proved the importance of collaborative partnerships and tailored cybersecurity solutions for high-profile global events. However, it’s important to remember that even with the utmost preparedness, incidents can still occur and you must be ready to respond.
In the face of a cyberattack, a swift and coordinated response is essential—in quickly detecting and containing breaches, organizing committees can prevent further damage and keep critical operations running smoothly. Should a bad actor get through, prioritizing the immediate restoration of affected systems will help minimize disruption, but a complete response plan must go beyond technical fixes and involve effective crisis management, including clear and transparent communication with the public so that their trust and confidence can be maintained. Such was the case during the aforementioned ransomware attack that targeted Paris’ Grand Palais data systems during the 2024 Games. Though systems were breached, thanks to meticulous preparation and close collaboration with partners such as Cisco and government agencies like ANSSI, the attack was swiftly neutralized and Olympic events proceeded as planned.
The brevity of that ransomware attack, as well as the overall cybersecurity success of the Olympics, was rooted in a well-rounded strategy that had been meticulously planned and executed—regular security audits identified vulnerabilities, strong encryption protected sensitive data, multifactor authentication secured critical systems, intrusion detection systems monitored for threats, and ongoing training kept all parties updated on cyber risks.
Not only did this comprehensive vigilance and preparedness ensure the integrity of the 2024 Games, but it also demonstrated a new standard for the cybersecurity of global events moving forward.
About the Author
Avani Desai is the Chief Executive Officer at Schellman, the largest niche cybersecurity assessment firm in the world that focuses on technology assessments. Avani is an accomplished executive with domestic and international experience in information security, operations, P&L, oversight and marketing involving both start-up and growth organizations. She has been featured in Forbes, CIO.com and The Wall Street Journal, and is a sought-after speaker as a voice on a variety of emerging topics, including security, privacy, information security, future technology trends and the expansion of young women in technology.
Avani sits on the board of Arnold Palmer Medical Center and Philanos; is Audit Committee chairwoman at the Central Florida Foundation; and is the co-chair of 100 Women Strong, a female-only venture capitalist-based giving circle that focuses on solving community-based problems specific to women and children by using data analytics and big data.
Source: www.cyberdefensemagazine.com