Olympics 2032 Cyber Prep – What Is Brisbane’s Approach?

On any average day globally, countries are faced with the reality that cyberattacks against businesses, citizens and government are imminent.

Some Fast Facts:

• The average annual cost [globally] of cybercrime is expected to soar from $8.4 trillion in 2022 to more than $23 trillion in 2027
• There were 2,365 cyberattacks in the United States in 2023 with 343,338,964 victims
• 2023 the US saw a 72% increase in data breaches since 2021, which held the previous all-time record
• In 2019, the cybersecurity market in Latin America was evaluated at almost 12.9 billion U.S. dollars, and was estimated to reach double this value by 2025
• In December 2023 there were 100,884,532 records breached in Europe
• 50% of UK businesses experienced some form of cyber-attack in 2023
• In Q3 2023 attacks were detected on 32% of industrial control systems computers in Africa with anticipation of an upsurge in state-sponsored cyber-attacks, and ‘hacktivism’ in 2024
• 85.7% of Canadian companies fall victim to cyber-attacks with a 7.7% year-over-year increase
• Asia-Pacific (APAC) was the most attacked region in 2022: it accounted for 31% of attacks globally
• On average, there is a cyberattack every 10 minutes in Australia, with education, healthcare and government being the most targeted areas

While these stats are astounding and prompt angst upon their review, when there is a world event on the agenda such as the Olympics, these figures skyrocket - Cisco predicted the 2024 Paris Olympics to endure 8 times more cyber-attacks than the 2021 Tokyo Olympic Games which estimated a shocking 450 million attacks.

Here are a few reasons (obvious or not) why cyberattacks surge during these occasions:

• Geopolitical tensions cause motivations for cyberattacks as hacktivists seek revenge on opposing countries, targeting platforms which are receiving extremely high levels of attention
• Events involve extensive digital infrastructure, including online ticketing systems, live streaming platforms, and communication networks increasing the entryways for cybercriminals
• The massive amount of data collected during these events, including personal information from attendees, athletes, and staff, makes them attractive targets for cyber espionage
• Malware, phishing attacks and fraud such as the Stranded traveller scam are tailored for events like the Olympics with deceptive emails and websites aimed at obtaining sensitive, personal information.
• Nonsecure Wi-Fi can enable others to see any sensitive information
• Cybercriminals and attackers hired by opposing teams may be motivated to fix a match by tampering with cameras used to assist referees, scoring systems or power grids supporting the games

Then how is QLD preparing to safeguard against the above for the Brisbane Olympics?

At this stage we’ve got just under 8 years until the Olympics land in Australia and so far, Queensland is bolstering many innovative plans and investments in infrastructure, transport and technology for the event, but its cybersecurity measures specifically, have yet to be released in too much detail.

Here’s what we know has been implemented so far:

• Specialized Cybersecurity Task Forces - Dedicated cybersecurity teams have been established to focus on protecting critical infrastructure. They will be assessing and upgrading the state's power grid and other vital systems to withstand potential cyber threats. The focus is on disruption prevention
• Enhanced Collaboration with Technology Firms - Brisbane is leveraging the expertise of global and local cybersecurity firms. Deloitte has been selected to enhance and secure digital services for the event as well as potentially IBM Security, recognised for its advanced cybersecurity capabilities, is in the running to develop robust security protocols and conducting regular risk assessments to identify and mitigate potential vulnerabilities.

Let’s Learn from [the failures and successes of] Past Olympic Events:

Further steps that will [hopefully] be taken in the lead up to the event:

• Investment in Advanced Cybersecurity Technologies – Ensure detection of network anomalies in real-time to prevent the successful theft of sensitive data. So far, specific use of those which act to secure digital infrastructure such as two-factor authentication systems and advanced intrusion detection tools have yet to be mentioned in Brisbane’s Olympic prep. 
• Employ Behavioural Specialists and Analysts - who can implement user and entity behaviour analytics (UEBA): the process of interpreting intelligence, detect patterns from that intelligence, and putting together plans for pre-emptive cyberattacks or counter attacks
• Implement Public Cybersecurity Awareness Programs - Programs and practices designed to enhance awareness of cybersecurity threats and best practices for mitigating risks need to be implemented. These practices will ensure that everyone involved is prepared to handle potential cyber incidents. Cautioning citizens is of the utmost importance here – for example, visitors should be advised not to bring electronic devices or to clean their devices of any sensitive material and consider using a “burner” device to avoid surveillance. 
• Implement Cybersecurity Employee Training Programs - Comprehensive training programs should be conducted for staff, volunteers, and stakeholders involved in the Olympics to be able to recognise the risks and know how to respond. 
• Ensure International Cooperation and Information Sharing – Brisbane should collaborate with public cybersecurity organizations and other governments to share intelligence and best practices. More specifically, Brisbane will hopefully take advantage of the Trilateral Security Dialogue (TSD) between Australia, Japan, and the United States. This global cooperation will enhance the collective ability to detect and respond to cyber threats that could affect the event.

World events have the attention of the globe – and the rate of cyber-attacks explodes around the Olympic Games. Strengthening cybersecurity for the Brisbane Olympics is crucial to ensuring the event's success and safety, especially bearing in mind the cyberattacks that have targeted previous Games and the lessons learned from these incidents. By moving forward with education from these past experiences, Brisbane can create a secure digital environment that preserves the integrity of the Games and protects all participants (spectators, employees and athletes) from cyber risks.