Search
Close this search box.
Request a quote

Cyber experts warn of ransomware risks during Tokyo Olympics

olympia-1535219

Cyber experts warn of ransomware risks during Tokyo Olympics

Should the Summer Games face a cyberattack, the losses would be significant.

The five-ring symbol of the Olympic Games in Tokyo, Japan.

It might be assumed that with the ban on physical spectators at the postponed 2020 Tokyo Olympics, the level of risk stemming from this global event — particularly the spread of COVID-19 — has diminished, but cyber experts warn of a different risk: cyber. Fears of telecom disruptions and ransomware attacks are founded, and the damage that could be caused has increased with the reliance on technology to broadcast the Games, which kicked off on July 23rd. Experts say insurers could face potentially massive losses based on the high-risk factors.

Organizers have said that they are prepared for the kind of cyberattack that temporarily paralyzed IT systems ahead of the official opening ceremonies of the 2018 Pyeongchang Winter Olympics in South Korea.

“I think Japan is prepared for what happened in South Korea in 2018, but the landscape for cyberattacks has shifted so they can only be prepared for what they’ve seen in the past but maybe not for the next iteration of it,” Robert Behny, senior director of cyber data and partnerships at Verisk, told PropertyCasualty360. He added that “The best preparation that they can do ensure they have a solid foundation — software patching and system backups.”

COVID-19 has forced the world to transition to a digital state faster than expected. Japanese officials have even said they are utilizing technology such as facial recognition systems to monitor volunteers. A cyberattack on a broadcast or streaming network used by the Olympics may spell disaster as attackers could have hacked the IT infrastructure over a year ago when it was originally planned to be used.

While Japan has shown that they have been busily working on cybersecurity defenses over the past several years, Bethany Vohlers, senior manager for cyber solutions at Verisk, said: “In a lot of ways, the actors are always one step ahead of where the rest of the industry is. And that’s coming from the fact that they are largely typically nation-state attacks that are heavily funded. It can be an act of war, but it’s really a tool. And so there’s always going to be this appetite in the cybercrime world…to try and disrupt these sorts of events.”

Although Japan is ranked as low-risk by insurance and risk management firms, giving it a stellar reputation as a safe place to visit, the nation cannot afford to become too complacent.

With spectators having to watch the Games virtually, it means purchasing tickets with banking information and logging in to a website account to print tickets and watch the Games. If there’s an attack on the Olympics, disruptions to the virtual supply chain could impact companies supporting the Olympic Games and even virtual spectators.

With the absence of in-person attendance, the event is going to be very reliant on technology to stream or to save content, Behny said.

“That high technology reliance means that you’re going to have third parties of the Olympics officiants and fourth parties supporting that type of technology to stream content and to save the content for later viewing,” he added.

Even at-home spectators face risks

The organizers of the Olympics aren’t the only ones who should be vigilant. Suppliers and spectators must take action to protect themselves and those they are connected to. In addition to malware, there’s also the possibility of ransomware attacks, so what can companies expect if they’re targeted?

“I think all the suppliers, if you’re not the Olympic committee who’s actually putting on the show, you’re probably a target for ransomware,” Behny said. He added that if a threat actor can take you down and make you pay as a ransom or extortion, they achieved their goal because their criminal organization gets paid. But for the Olympic organizing team, threat actors want to have a media blackout so the Games can’t be produced.”

Behny warns spectators to be cognizant of phishing emails, so, if they get emails, they need to know if it’s a legitimate email from the Olympics or one from a streaming provider that they actually trust and shouldn’t click links that they don’t trust because it could have malicious attachments. “It’s the typical…good hygiene, good citizen of email etiquette,” he said, adding, “Pay attention to what you’re opening. Pay attention to what you’re clicking. The malware that would come from that could be a myriad of things.”

“I think, generally, the interest will be around some forms of cybercrimes, said Vohlers. “So trying to steal banking credentials or PII. I know that there is an Emotet malware for a while in Japan as well, which has really made a resurgence not too long ago and that actually helps steal banking credentials when you log into accounts.” She added that scams around just general ticketing to try to get that banking information, fraudulent websites, payment card theft, as well as phishing attacks, are also possible.

“And I think the one other thing to mention is really the potential disruption that spectators might face around potential hacks with the supply chain again, so thinking about wifi networks being impacted, I believe even hotels, if they’re impacted, that would impact those who are attending the event,” she noted.

‘A business interruption element’

Attacks will not just impact the top of the Olympic Games because other systems are attached to them, so even if an attack is just targeted at the Olympics, it could still spread everywhere else because the networks are connected. Ransomware tries to spread like a worm, and its spreads very quickly, so systems that are connected could be impacted even if it was not the intent of the threat actor.

Vohlers said what we need to be looking at is disruption — “sort of just a business interruption element.” She added that when it comes to ransomware, extortion has been increasing and becoming more targeted attacks and certainly in high-profile events like the Olympics. “The desire to recover from an attack might be greater than going through the whole remediation process,” she said.

There is a lot of money at stake. Should the Olympics be attacked, the losses would be great. The insurance industry is a stakeholder in major events like the Olympics and could encounter huge losses, considering that claims and liability could be impacted. A Reuters report revealed that the International Olympic Committee (IOC) typically takes out around $800 million of coverage for each Summer Olympics.

Leave a Reply

Your email address will not be published. Required fields are marked *

Related posts
Commercial Auto

Around the P&C Insurance Industry: November 20, 2024

Porsche Auto Insurance:Launched an unlimited insurance product for high-mileage Porsche owners driving over 10,000 miles annually. This complements their pay-per-mile policies, allowing owners to choose fixed premiums or mileage-based options. Multiple vehicles on a single policy can also have mixed coverage. Safeco Insurance:Entered a book transfer agreement with Main Street America Insurance, enhancing its personal lines presence in 22 states. Main Street America is shifting focus to commercial lines, including commercial products and bonds. Resilient Cities Network & Tokio Marine Group:Partnered to bolster urban resilience projects. The collaboration supports the Resilience Finance Taskforce, helping cities globally scale investment strategies for resilience and climate adaptation. Skyward Specialty Insurance Group:Introduced life sciences liability coverage tailored for the life sciences industry, addressing risks such as medical liability, errors and omissions, and general liability. This strategic move supports the complex insurance needs of healthcare innovators. AAIS Partner Program:Welcomed Sproutr, offering AAIS members access to tools and services that streamline operations and foster growth in insurance processes. Duck Creek Technologies:Opened its second Center of Excellence in Warsaw, Poland, enhancing global customer service capabilities, particularly in Europe, the Middle East, Africa, and the Asia-Pacific regions. Liberty Mutual & Coursera:Launched an entry-level course, Insurance Sales Agent, to train learners in risk management, sales, and ethical practices, equipping them for careers in insurance sales. World Insurance Associates:Acquired United Counties Insurance Group of Old Bridge, NJ, expanding its regional operations. Previsico:Unveiled Instacasting, a flood mitigation solution using rainfall data for real-time surface water flood predictions, enabling faster and more precise response strategies.

Read More
COVID-19

Live Event Insurance: Navigating New Risks in a Post-Pandemic World

The surge in live events after COVID-19 has brought a new wave of challenges for venues. Whether hosting concerts, sports games, or festivals, ensuring adequate insurance coverage has become critical for managing increasing risks. Venue owners and operators must reevaluate their general liability and other insurance policies to safeguard against potential liabilities. The Risks Facing Entertainment Venues Imagine hosting a packed concert where pyrotechnics go awry or a brawl breaks out. These incidents can lead to lawsuits, legal fees, and insurance claims that could devastate your business if not adequately prepared. Proper coverage and legal risk management are the backbone of every successful venue. Tools for Managing Liability: Exculpatory Language To mitigate risks, venues often employ exculpatory language, such as disclaimers on tickets or websites. In New York, for example, these clauses can limit a venue’s liability for certain incidents, excluding cases of gross negligence. However, courts mandate that such language must be clear, bold, and conspicuous to be enforceable. Online ticket purchases further enhance risk management through clickwrap agreements. These agreements require customers to actively confirm their understanding of terms, adding another layer of legal protection. Understanding Assumption of Risk For recreational activities like concerts or sporting events, the doctrine of primary assumption of risk is another legal shield. It protects venues when attendees willingly accept inherent risks of the activity, such as injuries from a mosh pit. However, it does not cover negligence in venue maintenance or security lapses. Maximizing Insurance Coverage Given the complexities of live event liability, venue owners must ensure their insurance policies address all potential scenarios. Key steps include: Compliance and Risk Mitigation Under New York Insurance Law § 3420(d)(2), insurers are required to respond promptly to liability claims. Delays can result in waived defenses, placing greater responsibility on the insurer. Staying compliant with such laws is essential for efficient risk management. Preparing for the Unexpected The post-pandemic resurgence of live events highlights the importance of a robust risk management strategy. Regularly updating exculpatory language, reviewing contracts, and optimizing insurance coverage ensures venues are well-prepared to handle unforeseen challenges. At Skyscraper Insurance, we specialize in tailoring comprehensive insurance solutions for entertainment venues. From general liability to vendor contracts, our team can help you set the stage for success while managing risks effectively. Contact us today to learn more about protecting your venue and your business.

Read More
Categories
Try your instant quote
Click here to proceed