Aktuelles
Saugat Sindhu, Wipro Ltd: Faced with cyber risks linked to the Olympic Games, employees must increase their vigilance
June 2024 by Marc Jacob
The Olympic and Paralympic Games are at the heart of cybersecurity issues. Indeed, the cybersecurity world expects an explosion of attacks to disrupt their smooth running. Thus, Saugat Sindhu, Senior Partner and Global Head, Advisory Cybersecurity & Risk Services, Wipro Ltd believes that companies must prepare by strengthening traditional attack surfaces, including the network with 5G, and securing OT and IoT. For AI, it is necessary to add additional vulnerability assessments of the algorithms that will be used as well as SIEM support. For him, if employees know what they should not do, attackers have less chance of getting around them.
Global Security Mag :
The Olympic Games are sources of cyber threats, what are the main threats or types of potential attacks to predict and manage in advance?
Saugat Sindhu : Millions of people will watch the Olympic Games live and on TV, which makes the event a prime target for malicious actors. If we look at the last Olympic Games in Tokyo, there were millions of cyber-attacks on different parts of the IT infrastructure that supported the games and it included everything from spoofing, malware, phishing to denial-of-service. It is a foregone conclusion that these types of attacks will at least be repeated during the 2024 games. However, Generative AI was not around in 2020, with that in play, another attack surface has been exposed. Malicious actors will try data poisoning techniques to on the training set, they will also try model inversion to extract sensitive information from data sets in use – think marketing data that may be confidential and, to impact predictions, they may also use evasion techniques.
Preparing for these types of attacks requires fortifying the traditional attack surfaces including on the network side of things with 5G and then securing OT and IoT boundaries. For AI, additional vulnerability assessments of algorithms must be included that would be used along with SIEM support.
Global Security Mag :
Compared to the Tokyo Olympics, how have cyber threats evolved over the past few years, have they highlighted the growing impact of AI and OT/IoT systems?
Saugat Sindhu : To expand a bit more on what we have already covered, handheld devices are being used more and more. They are used to process payments, validate identities, and even to support broadcasting etc. This makes securing OT/IoT boundary critical. When you add AI that sits on the edge and is consumed on these handheld devices, then your attack surface multiplies.
Global Security Mag :
What are the key cyber security lessons from the Tokyo 2020 Games and how are those lessons being applied to strengthen security at Paris 2024?/ How should those lessons be applied ?
Saugat Sindhu : The key lesson from the Tokyo Games from a cybersecurity perspective is that you can’t think of just a few scenarios, you must consider everything. You also have to be pragmatic to understand there is no such thing as 100% secure environment. This means, the best thing to do is prepare adequately with proactive controls in place for detection, and also have reactive controls in place for response. Employing ethical hackers to find gaps could also help fortify your cybersecurity posture. In addition, the power of cybersecurity awareness and training can never be understated.
Global Security Mag :
What types of companies could be affected by its attacks apart from those directly linked to the Olympic Games?
Saugat Sindhu : Any and all companies that provide infrastructure services, payment processing (ticket websites for examples), transportation, energy and utility services, advertising, broadcasting and media outlets, and lastly hospitality companies could all be impacted.
Global Security Mag :
What are the main measures companies should take to ward off these attacks during the Games and beyond?
Saugat Sindhu : Fundamentals of infrastructure security and resilience should be in place with adequate preventative controls. Emphasis should be given to pen testing, vulnerability assessments and ethical hacking exercises to identify any gaps to be patched before the Games. Strong monitoring and detection mechanisms should be in place along with response playbooks to mitigate and recover from any attacks during the Games. Having cyber recovery operations on a 24/7 basis during the Games, would also ensure critical services and processes are not impacted.
Global Security Mag :
To conclude, what is your message to our readers? (CISO, CIO, security network administrators, etc.)
Saugat Sindhu : First and foremost, the fundamentals and basics of infrastructure security and resilience need to be done right. Once we that is established, the newer threats covering OT/IoT and Generative AI can be dealt with. Do not overlook the power of cybersecurity awareness and training. If people know what not to do, attackers have a lower chance of get past them.
