2024 Paris Olympics -- cybersecurity risks and top tips to keep data safe [Q&A]

In recent years, mobile devices have taken center stage and we've become mobile-first users, where mobile devices are our first choice for how we communicate, navigate, work, bank, take photos, shop and stay informed about the world around us. Our increased reliance on mobile phones is not without its risks.

According to Zimperium's Global Mobile Threat Report 2023, 43 percent of all compromised devices were fully exploited (not jailbroken or rooted), an increase of 187 percent year-over-year, a shocking number.

With the 2024 summer Olympic Games due to open this week, we spoke to Krishna Vishnubhotla, vice president of Zimperium, to find out why mobile devices will be at the top of cybercriminals' hit list when targeting the games.

BN: What could a cyber attack look like at the 2024 Olympics?

KV: It's no secret that in past Olympics, athletes and attendees have been subject to an onslaught of cyberattacks. During the 2012 Summer London Olympics for example, more than 212 million cyberattacks were detected from the day of the opening ceremony, marked by multiple offenses such as a distributed denial of service attack (DDOS) on the electricity infrastructure. In recent months, more than 200 fraudulent sites selling tickets for sporting events have already been detected by French police. And the French government announced recently it has been the victim of cyberattacks of 'unprecedented intensity.' Mobile devices are a main avenue in which today's cybercriminals are launching highly evasive attacks, due to the fact that people use them for almost everything, so it comes as no surprise that it will be a preferred attack vector in Paris this year. In 2024, we are expecting three main types of potential attacks. First, we can expect financially-motivated attacks that take the form of QR code phishing, juice jacking, malware aimed at spectators, attempted extortion via risky apps, DDoS apps and data disclosure. The second are attacks with the goal of destabilization. These look like computer/mobile device sabotage, hacktivism, data compromise and disclosure attempts. Lastly, espionage -- through highly targeted attacks via the supply chain -- is something Olympics athletes and attendees should be aware of.

BN: How are those risks being managed?

KV: To guard against these attacks, many organizations are combining many different approaches to establish a comprehensive security strategy. One is awareness-raising by communicating and practicing regular security training and education, and keeping an active watch on threats. The other approach is securing workstations and users' mobile devices. Organizations should also prioritize protecting the Information Systems (IS). It's highly recommended that organizations make a habit of restricting digital services exposed on the internet to what is strictly necessary. Another way to best secure a device is to segment and filter the Information System and implement physical access controls. Beyond implementing a mobile-first security strategy, these risks can be managed by strong international cooperation, particularly on the part of the Olympic Committee, the cybersecurity community, government agencies and international sports representatives. This involves sharing knowledge and assets on emerging cyber threats so that nobody is in the dark as they fight mobile-based cyber threats.

BN: Do you have any other insight to share on the cyber risks associated with an international event of this size?

KV: With an event of this size and attendance, the French authorities are rightfully preparing for possible cyberattacks, which are being taken with great precaution by Comité d'organisation Paris24 (Organising Committee for Paris24). The CISO for the Paris Olympics 2024 has even announced that the number of attacks is expected to be eight to ten times higher than what we saw occur at the 2020 Tokyo Olympics. France will not be exempt from attempts to destabilize the country through computer / mobile device sabotage. According to the French Cybersecurity Agency (ANSSI), attackers may be encouraged to penetrate and maintain a position on critical networks amidst ongoing international tensions. This is a prevalent reason why ANSSI is calling on organizations to be better equipped and follow cyber protection recommendations such as creating a strong security strategy tailored to this event, developing detection capabilities, implementing an information system backup strategy, and drawing up business continuity and recovery plans. The biggest takeaway here is that in a mobile-powered world, a mobile-first security strategy is a must. The mobile device is an integral part of some of the largest events and organizations in the world. It is essential to establish advanced, adaptive protections that safeguard against device, network, phishing, and app attacks that can destabilize networks and put millions of users at risk.

BN: Any additional tips you can give to attendees to stay safe?

KV: QR codes have risen in popularity because of how easy it is to share links and information simply with the scan of a mobile phone’s camera. As a result, they will likely be heavily used during the Olympic Games and beyond (i.e. scanning codes via your personal TV, downloading Olympic related apps). A QR code is just a URL and it's important to make sure one knows where it’s actually going. To avoid falling victim to malware through malicious links that require you to download a linked application, take the time to download the application from a trusted app store instead of following an opaque link to download an app from an unknown source or third-party app store. We expect there will be many bogus apps centered around the Olympics.

Beware of public Wi-Fi, between traveling to hitting various public spots in Paris, it's important that you stay cyber safe when using public Wi-Fi when out and about. Do not make financial transactions such as online banking, trading, or shopping on a mobile device in an airport lounge, hotel, Olympic stadium, or restaurants/coffee shops. Bad actors will be ready to exploit where they can and will take advantage of the high usage of public Wi-Fi around the games. If you must use a public Wi-Fi network, consider using a VPN for an added layer of protection and be sure you're transacting with SSL/TLS protected web sites.

Image credit: KaviDesigns345/depositphotos.com