A Summer full of events – what can businesses learn from it? - Part 2
This summer is full of events, and we will be examining how technology is transforming major sports events, providing insights and lessons for any other business.
Insight 2: Becoming digital – the human firewall
The importance of cybersecurity is no secret to anyone who’s opened a newspaper or attended a board meeting. More and more business value and personal information worldwide are rapidly migrating into digital form on open and globally interconnected technology platforms. As that happens, the risks from cyber-attacks become increasingly daunting.
Multi-sport events are no different. In common with any modern enterprise, major sports events have to face these challenges but, perhaps more unusually, they must do so whilst working to an immoveable deadline and under a media spotlight that would be very attractive to a would-be cyber attacker seeking to publicize their cause.
- Each major sports event is a temporary environment – always a challenge for information security.
- Large numbers of stakeholders access vast amounts of data – some of which is highly sensitive.
- During sports competition there must be zero impact on multiple events.
There has been a drive to make information more freely available to users via the internet and on their own device, with a corresponding increase in IT security alerts. See the Olympic Games IT security example:
What can businesses learn from it?
So, business executives may ask, why hold back from further protecting oneself against potential threats from inside and outside? Understanding the issue is quite different from effectively addressing it. A number of factors make it challenging for organizations to get the right cybersecurity capabilities in place. For a mission-critical and highly visible project such as the Olympic Games, the Atos team followed a proven approach from previous Games throughout the project lifecycle. There are three foundational elements to highlight: the business impact analysis, the security risk assessments and lastly one key success factor: the human factor.
At the start of each Olympic Games IT project, the team initiates a business impact analysis to establish an understanding and agreement of the business requirements. Consulting the different business owners, this business impact analysis involves a review of each of the services to determine key attributes such as critical operational periods, acceptable levels of downtime and the consequences of a failure. A score is agreed for the impact. The output from the business impact analysis is used to inform a number of different streams within the project, including architecture and operations.
The IT security risk assessments carried out are considerably more technical in nature than the business impact analysis and review the security posture of each service, taking into account, for example, the means by which an attacker might gain access to a system or data and whether that would result in a threat to confidentiality, integrity or availability. These risk assessments determine a risk rating based on impact and probability; those ratings are then reviewed and agreement is reached with the customer as to whether to accept the risk level or to improve the situation with additional security controls.
The human factor
As shown in the example of the Olympic Games project, threats are growing massively. To fight against cyber-attacks, technology is an essential component, but security does not start or end there. Often the user of the systems is the weak link in the security chain. Hence the human factor cannot be ignored. For such a massive and highly visible project as the Olympic Games, with multiple end-users, you need to make sure that a highly trained and experienced team delivers a set of security policies allowing for good governance and training. This creates an environment in which users are not only trained and made aware of cyber security; it also changes their culture and behaviour so that security becomes a habit. As a result, the users act with security in mind and share information when needed or when they see or encounter problems.
To address the cyber challenge in an ever more digitized world, having solutions and perimeters in place is not enough. Increasing cyber awareness amongst technology users is critical, creating a kind of human firewall. In the case of the Olympic Games, our human firewall helped bring down the millions of cyber-attacks to zero. Pretty impressive, isn’t it?