2018 Pyeongchang Winter Olympics

As soon as the 2018 Winter Olympics in Pyeongchang, South Korea, began, they were compromised.

Officials at the International Olympic Committee (IOC) disclosed that the official Winter Olympics website, as well as unspecified systems connected to internet and television services, were compromised by a cyberattack that occurred shortly after the game's opening ceremonies.

Though officials did not name those behind the attack, there have been reports that link the incident to Russian cybercriminals connected to the Russian government, though the government has denied any association with the attack.

But no matter who the perpetrators were, the successful infiltration of the IOC's IT systems underscores the almost unavoidable cyberthreat high-profile events pose for the organizations, athletes and spectators who attend. For all parties involved in such events, the only way to protect against the cyberthreats is to take cautionary preventive measures, and prepare for what many see as inevitable.

Adam Levin, chairman and founder of identity and data protection company IDT911, noted that the Winter Olympics are a coveted target for many cybercriminals given the attention the event garners.

“Obviously, whenever you have something of this stature, when it is a stage for the entire world, there are those who would attack because they wish to make a statement,” he said.

And not only is it an attractive event to attack, but given the nature of the games, one of the most vulnerable and potentially easy to infiltrate. Within the events themselves, “there are just hundreds of thousands of internet-of-things (IoT) devices, monitors, cameras, HVAC systems, and all sorts of communication systems” that are all potential openings to hackers, Levin said.

“Think about all the different IoT devices that are present in any venue,” he added. “Now multiply that by a factor of 100 considering all the types of venues that are in play … and you see there are all sorts of points vulnerabilities hackers can take advantage of.”

Marcus Christian, partner at Mayer Brown, agreed, noting that as mobile devices and more consumer technology come into play, “we have an expanding number of ways in which cyberattackers can actually target an Olympic game.”

But with all these entry points for cybercriminals, how does one protect themselves at an event like the Olympics?

The best defense, Levin said, is to not have any sensitive or confidential data on hand when attending events like the Olympics or traveling to foreign countries. “Obviously carrying a burner device is probably the best avenue.”

But if there is a need to carry “devices you normally use, make sure to get as much of your personally identifiable information (PII) out of it,” Levin added. “Use VPNs, don't not hook into public Wi-Fi, and try to make sure whatever system you are in is a secure system, though depending on the country you're in, their definition of a secure system could be radically different than our definition.”

In addition, Levin also emphasized the need to have “long and strong passwords and two-factor authentication,” to shred “anything that has PII on it after you are done using it,” and not to send “anything that is sensitive by way of email, especially when you're in a foreign country.”

Levin's advice echoed that of the United States Computer Emergency Readiness Team (US-CERT), which put out a notice before the Winter Olympic events reminding “travelers to be aware of cybersecurity risks” at the games.

To be sure, most of the cybersecurity protections organizations, athletes and travelers can implement for the games are preventive. There is little that can be done, after all, once an organization or person's data is compromised.

Christian, for instance, noted that there isn't a “tool kit of legal tools that companies and individuals have after the fact to go after a hacker.”

“When you look at the U.S. athletes who had their medical information stolen in 2016, for example, for them once the information is out, there is not a whole lot they could do,” he added.

So for the now, the best strategy is to take all necessary precautions, and assume the worst.

“You have to make sure that when you return, you are monitoring properly your credit scores, your credit report, and your accounts and scanning for your PPI on the dark web,” Levin said.