Millions of Americans will watch the Summer Olympics at work — and that will create a major opportunity for cyber criminals to attack corporate computer systems. This could cause serious headaches for IT departments that are not ready to deal with the increased security challenges.
“The threat is serious and it’s real,” said Dan Lohrmann, chief security officer at Security Mentor, a company that provides online security awareness training to employees.
Because the Rio Games are in the Western Hemisphere, much of the competition will take place during normal business hours in the U.S. And that’s expected to create higher-than-normal internet usage that could slow some corporate networks.
“There could be surges in bandwidth on your network and it may not be when you expect,” Lohrmann told NBC News. “It’s very difficult to know which event or events might go viral and all of a sudden the network at your business goes down.”
In June, TEKsystems, a company that provides IT staffing solutions, surveyed more than 600 IT professionals who design and maintain corporate networks. The respondents represented a variety of industries across the country, ranging in size from $50 million to more than $10 billion in revenue. The key findings:
- 72 percent expect a moderate-to-major increase in internet use during the Olympics
- 79 percent expect their networks to be at greater risk
- 52 percent will use additional filters, blockers, firewalls or similar software as a preventive measure
- 84 percent do not plan to issue any guidelines about accessing unauthorized sites or viewing Olympic events during work hours
“They know something’s going to happen, but most are not taking steps to prevent it,” said Tom Bondi, infrastructure and information security practice director at TEKsystems. “They say they’re going to sit and wait and see if anything happens. And this concerns us.”
The Security Challenge
Security experts tell NBC News they don’t expect to see any specific new threat or vulnerability introduced during the Olympics. But with more employees going online — and visiting unfamiliar sites — the bad actors have more ways to attack corporate computer systems.
Rick Holland, vice president of strategy at Digital Shadows, a cyber-security firm, says the primary threat is going to involve social engineering, or trying to trick you into breaking normal security procedures.
“There are all sorts of news-related stories attackers can use to get someone to click on a link while sitting at work,” Holland said. “So you need to have a higher level of vigilance when reading email, especially ones that contain links to streaming video.”
Theresa Payton, CEO of the digital security firm Fortalice Solutions, says employees and companies cannot underestimate the increased threat during the Games.
“Cybercriminals and fraudsters are going to create places for you to go to see an event or medal ceremony you missed,” Payton said. “You may actually be viewing highlights, but at the same time, behind the scenes, malware could be downloading.”
Payton advises corporate IT departments to be on “high alert” from now until the closing ceremonies.
“Take a look at some of your security tools and settings: firewalls, anti-malware, virus software and make sure you have all of that fine-tuned,” she said.
By now, you may be asking yourself: “Why would a cyber-thief want to get onto my computer? I don’t have any major corporate secrets. Couldn’t they just hack into the system and get what they want?”
“Users are the number one target for the attacker these days,” said Jason Brvenik, principal engineer at Cisco Systems Security Business Group. “The user has all of the valid credentials necessary to log in to the critical assets of the business. And even if you’re not a person handling sensitive intellectual property for the organization, when you get compromised, you create an inside opportunity for the attacker to find those people and do what we call ‘moving laterally’ within the organization.”
The Bandwidth Challenge
IT experts contacted by NBC News agree: It would be a mistake for U.S. companies to underestimate the number of employees who will try to livestream video or watch highlights at their desks, hogging corporate bandwidth.
“Companies need to think about this in advance,” said Security Mentor’s Dan Lohrmann. “What are the policies? What protections do they have in place? And if they need to, is there a way to throttle the bandwidth?”
Theresa Payton says any company that allows employees to watch the Games on their computers should segment some of its bandwidth for this viewing — to separate it from what’s needed to conduct business.
“If your customers and your internal traffic are operating on the same bandwidth, you’re going to be in a world of hurt during the major Olympic events,” Payton said. “A significant event like this could bring your network down to its knees and impact your ability to service your clients.”
Her advice: Put out written guidelines for the Olympics that explain corporate policy. For example, “Please understand that during these times of day, these are peak usage times for our company and peak times when our clients are trying to reach us. Please refrain from live-streaming videos of the Olympics during these times.”
One workaround suggested by various IT experts: Put a big TV in the lounge area or break room. Your employees will want to know what’s happening, so you might as well plan to deal with it in a way that’s positive — maybe even good for morale — rather than something that’s going to hurt your business.