Cybersecurity experts will have a major role in France though the country is significantly ramping up its cybersecurity spending in anticipation of the 2024 Paris Olympic Games.
Facing the largest and most complex threat landscape to date, the country is preparing to defend against an unprecedented number of cyber threats at the Games of the XXXIII Olympiad.
International Data Corporation (IDC) estimates that revenue from cybersecurity services in France will increase by $94 million (€86 million) in 2024 due to the Olympic Games, contributing an additional two percentage points to the total cybersecurity services spending.
Paris 2024 is set to be the most connected Olympics ever, with extensive digital integration across back-of-house systems, financial systems, critical national infrastructure, city infrastructure, sport technology, broadcast technology, and merchandising and ticketing.
The heightened connectivity amplifies the risk, extending beyond the venues to potentially impact critical national infrastructure and various French businesses. IDC also projects that security services revenue in the rest of Europe will rise by $57 million in 2024 due to the Games.
“Cybercriminals are leveraging global sporting events like the Olympic Games to craft new targeted threats to businesses and citizens, knowing that their target is often distracted and more prone to social engineering,” said Richard Thurston, research manager of European Security Services at IDC.
Richard Thurston emphasized the scale of the threats expected during the Paris Olympic Games, which could support various financial and political motives and target both Olympic-related and unrelated organizations. To mitigate these risks, many French organizations are accelerating their efforts to strengthen cybersecurity measures. The Local Organizing Committee is collaborating with highly skilled cybersecurity companies to safeguard the Games.
The cyber security threat extends to a wide range of potential targets beyond the Olympic infrastructure itself, including fixed and mobile networks in Paris, transportation infrastructure and companies, hotels and the leisure industry, and financial networks.
In preparation for the Olympics, the French government established the National Cybersecurity Agency of France (ANSSI) under the authority of the Prime Minister and the General Secretariat for Defence and National Security (SGDSN).
ANSSI is responsible for the strategy to prevent cyberattacks at the Games, focusing on five main areas: increasing knowledge of cyber threats, securing critical information systems, protecting sensitive data, raising awareness within the Games ecosystem, and preparing to respond to cyberattacks.
ANSSI has launched an awareness-raising plan targeting stakeholders in the Games ecosystem and has organized several crisis-planning exercises. The Local Organizing Committee has appointed Eviden to manage cybersecurity services and operations from a dedicated security operations center (SOC) for the Games, with support from up to 17 SOCs worldwide. Eviden’s parent company, Atos, continues its partnership activities with the International Olympic Committee. Other technology vendors partnering with Paris 2024 include Alibaba, Deloitte, Orange, and Cisco.
Mandiant, a global cybersecurity firm owned by Google Cloud, is providing threat intelligence and dynamic security solutions.
Recently, Mandiant has published a new report detailing the potential cyber threats facing the Olympic Games in Paris. Mandiant assesses with high confidence that these Games face an elevated risk of cyber threat activity – including cyber espionage, disruptive and destructive operations, financially motivated activity, hacktivism, and information operations.
In the private sector, French organizations are moderately well-prepared for the additional threats accompanying the Olympics. Incident management and response are top cybersecurity priorities for 61 percent of large enterprises in France, and nearly half believe they have sufficient threat hunting or threat intelligence skills. However, less than 20 percent of French businesses consider their cybersecurity posture mature or better, with smaller organizations likely to have lower levels of skills and preparedness, IDC said.
