In many cases athletes train for years, if not decades, to reach the pinnacle of their sports and represent their respective nations in the Olympic Games. Increasingly, such specters, though, are attracting another breed of competitor with very different motivations; they are perhaps out for gold, but not of the Olympic variety.
Indeed, for criminals, the Olympic Games afford a target-rich environment in which a nearly half million visitors from around the world converge in a place already well known for its cyber insecurity. To put the problem in perspective, one recent survey named Brazilian firms as having the worst cybersecurity in South America, and potentially the worst among major economics worldwide. Indeed, as recently as August 2, a report from cybersecurity firm Fortinet confirmed that the "volume of malicious and phishing ... [attacks] in Brazil is on the rise." Particularly worrying is the targeting of these attacks, with Kaspersky Lab finding a number of phishing attempts targeting the credentials of workers at the Olympics.
Such data has presented a daunting problem for Brazilian and International Olympic Committee planners on the run up to Rio 2016. The analogy has been made that protecting the Olympic Games presents a similar problem as that faced by Chief Information Security Officers at a Fortune 100 firm. Just as a new product line should not have cybersecurity best practices bolted on after the fact, but instead baked in from the start, Olympic planners have had to be proactive and start the cybersecurity risk management process years in advance. In fact, Symantec is providing cybersecurity for the Olympics, something the firm has been preparing for since the flame went out in London back in 2012.
The problem is compounded since it's not just criminals targeting the Olympics. Insider threats, terrorism, politically motivated hacktivists, as well as nation states may wish to target the Olympics to have their views heard. From interrupting the opening or closing ceremonies, to interfering with timers and tracking programs, to targeting vulnerable critical infrastructure around venues, the games present a wealth of cyber insecurity even for the most prepared hosts.
The good news is that, despite the common perception that cybersecurity took a back seat to other concerns on the run-up to Rio, so far the Olympics has proceeded without any major successful cyber attack outside of garden variety cybercrime, save for some politically motivated hacktivism (such as an Australian sports website being targeted following a dispute between Australian and Chinese swimmers). But it would not take much to put the issue back very much on the front burner. Just ask the Democratic National Committee.
Thus, the verdict is still out with more than a week of the Olympics still to go, but one lesson is already clear -- the clock is already ticking for Tokyo 2020.
Scott Shackelford is an associate professor at the Indiana University Kelley School of Business, a Research Fellow at the Harvard Kennedy School Belfer Center for Science and International Affairs, and a Senior Fellow at the Center for Applied Cybersecurity Research. Check out Professor Shackelford's research here.