Protecting Global Events When the World is Watching

By Matthew Hurling, Government Programs Lead for Middle East & Africa, Mandiant

Geopolitical summits, elections and sporting meets are some of the most visible events whether they’re taking place on an international, national, or regional scale. They also present unique cyber security challenges for critical infrastructure and supply chains. From a summer of sporting events running through to the FIFA World Cup, as well as the G20 and COP27 summits this winter, no matter whether these last from a single day to multiple weeks or months, defending against cyber threats must be an important consideration for organisers and is no longer something that cannot be taken seriously nor left to the responsibility of other parties.

Defending these kinds of societal events requires active defences backed up by the latest intelligence on potential attackers. Organisers need to have strategic security programs plus the right technical solutions in place to harden their security posture prior to an event and to support operations once it kicks off. Delivering resilient cyber capabilities in a compressed timeframe under intense public attention and scrutiny is a major challenge that requires focus and investment to properly plan and implement.

There are three key phases to think about here, in the run up to and during a major event:

Understand the environment: Prepare, harden and exercise
Anticipate threats: Test, monitor and defend
Survive attacks: Respond, contain and remediate

Understand the environment

This phase should take place before a major event, with the aim of proactively protecting and hardening the event’s security posture. Do you know enough about the potential adversaries and have you prepared your people, processes and technologies in the right way?

Some of the critical things to think through in the preparation phase include:

Ensure you can monitor and investigate alerts, proactively hunt for attackers and contain and remediate threats
Deploy endpoint and network detection technologies across the entire environment and multi-factor authentication across all accounts and external facing services
Create alerts for emerging and currently exploited vulnerabilities as well as current and imminent threats based on the latest information about the threat landscape
Monitor social media, blogs, forums, news sites and chat apps for threats, misinformation and disinformation campaigns
Coordinate with relevant national agencies to obtain and contribute related intelligence.

When it comes to hardening infrastructure, conduct compromise assessments and validate controls to check the security and integrity of the environment and the key data that needs protecting. Think about what all the different ways into that environment might be, and make sure to log and regularly scan all externally facing assets on the network.

In the heat of the moment, you don’t want to be struggling to think who should be involved, so make sure you’ve designated a crisis-response team and that you’ve got the right organisational, executive and communications support. Conduct a tabletop exercise to ensure that all participants understand their roles and responsibilities during an incident, and test backup procedures to ensure that critical data can be rapidly restored and critical business functions can remain available.

Anticipate threats

Once the major event has begun, and there will be an increased risk of destructive or disruptive cyber attacks. This is when you should go into an elevated active defence mode – or ‘shields up’. Key priorities will include continuously validating security controls and defending critical assets. It’s all about inhibiting the access an adversary needs to leverage to achieve their goal.

Testing is important again here – whether that’s ad-hoc penetration testing exercises on all externally facing assets, testing the internal team and technology’s ability to detect, prevent and respond, or testing the incident response team’s reaction times against real adversarial methods.

Monitoring what’s happening in real time is key in this phase:

Establish a situation room to bring together operations, intelligence and external organisation information and communications
Continuously monitor, analyse and report relevant data and analysis from intelligence sources
Conduct enhanced hunting and monitoring for indicator-less behaviours; assume attacks are happening and technical controls have missed something
Continuously validate security controls effectiveness against active attack behaviours.
Restrict egress communications on critical systems.

Ultimately, the focus should be on protecting critical assets – what are your crown jewels and what might an adversary go after? Protect specific high-value infrastructure and network architecture to limit or remove adversary access to critical systems, and make sure you have offline backups in place to use if needed.

Survive attacks

By this stage, you’ve hopefully spent a long time prepping, building and testing defences, and now it’s all about being ready to respond and providing continuity.

During the major event, national, international and social media coverage often parallels real-time activity. Having extensive intelligence on existing and emerging threat actor tactics, techniques and procedures enables you to have an effective and efficient incident response.

Effective incident and breach response extends beyond technical investigation, containment and recovery and includes executive communication and crisis management, such as legal, regulatory and public relations considerations. Doing this requires taking a potential adversary’s view of the situation. Preparing for an incident from only one side, without invoking real-world experience and known data on threats, solves only half the equation.

Following the major event, take time to detail successes, challenges and recommendations. We can always continue learning from similar events and try to share as much information as possible to avoid future similar circumstances.

The cyber security challenges we face today are often too big to tackle alone and the necessary cyber defence operations maturity and capacity require significant, sustained focus and investment. These challenges become even more acute during major events. Protecting such events means having rapid and adaptable cyber defences under unique duress and pressure.

A prepared and practiced cyber strategy and playbook helps ensure a favourable outcome not just for the hosts, but all participants, spectators, and those watching on from around the world.

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Bybit opens global headquarters in Dubai on the heels of 50% increase in user base

DIFC Courts reinforces its commitment to sustainability following expansion of its digital infrastructure

NETSCOUT adds new data centre presence in Dubai with added Arbor Cloud Capabilities

Dubai ranks as the second most crypto-ready city in the world

LinkShadow reinforces its commitment to Saudi Arabia

Huawei Cloud’s Riyadh launch boosts Saudi tech advancement

Cisco unveils new data centre to enhance security services in Saudi Arabia

Survey reveals misalignment between cybersecurity and business goals in the UAE and KSA

Google Cloud announce significant new collaboration with Saudi Pharmaceuticals giant

KROHNE delivers insights to inspire the next generation of engineers in Oman

Oracle supports major project to accelerate Oman digital economy

Ooredoo accelerates cybersecurity in Oman with new deal

Omantel selects Ericsson to manage its nationwide multi-vendor networks

Oman TRA shares plans to accelerate 5G deployment

BDB launches “tijara” platform for SMEs

Bahrain achieves full nationwide 5G coverage

Batelco, SonicWall launch integrated security solutions for SMEs in Bahrain

Bahrain to offer COVID-19 test results on WhatsApp, Facebook Messenger

Infor supports Bahrain’s digital transformation

Infopercept opens its first Middle East office in Kuwait

Microsoft Compliance Manager now available in Kuwait

Commercial Bank of Kuwait gets mobile payments moving with Thales Digital Solutions

Ooredoo chooses Fortinet to deliver secure SD-WAN managed services in Kuwait

Zain rolls out first-ever 5G roaming service in MENA

Looking for the best label solutions in South Africa? Go OKI!

OKI is only going bigger in the South African market!

Huawei honours Women in Tech at Apps UP 2022

Amazon payment services launches in the MENA region

Egypt turns to AI to deliver COVID-19 diagnosis service to People of Determination

Vertiv extends partnership with MDS SI Group to enhance digital infrastructure solutions

Bosch sees 21% sales surge in the Middle East

“AI has been in Google’s DNA from the beginning – we are an AI-first company” – Tarek Khalil, Google Cloud

How companies can future-proof their business with Web3

“Diversity, equity and inclusion are a core part of our culture and values at AWS” – Yasmine Afifi

Gender Lens investing vital to economic recovery

Virgin Hyperloop unveils location for Hyperloop certification centre

TikTok taps Oracle as secure cloud provider

Zoom gets security boost with Keybase acquisition

Why collaboration is the answer to the successful roll-out of 5G

OPSWAT invests $10 Million in scholarship learning program to help close cybersecurity skills gap

Alef Education showcases the Alef Metaverse to improve climate education at COP28

Bybit and AUS unveil the tech talents of tomorrow

How digital education solutions can help students achieve their full learning potential

Seeds for the Future 2023: Huawei gathers ME & CA’s brightest ICT talent in Qatar

Middle East Energy to further boost their sustainability agenda

EDF UK selects Dynatrace to keep the power flowing

KROHNE harnessing the power of analytics to drive energy transformation

“All of us are pulling in the right direction for a better tomorrow” – Frank Janssens, VP at KROHNE

AI and advanced analytics drive sustainability and efficiency

Above and ‘Beyon’ – New Money SuperApp launched in the UAE

New cross-border payments platform Digit9 launches in the UAE

Hub71 partners with global economic transformation specialist on MENA start-up ecosystem

Spheroid Universe coin to be listed on MEXC exchange

DIFC Innovation Hub launches AccelerateHER program

Innovating Finance: UAE’s Pioneering Role in the Blockchain and Crypto Landscape

Pioneering Sharjah’s Digital Revolution

Interview: Shaping a Secure World

Dubai Chamber of Digital Economy scouts Asia for tech start-ups

Government leaders from IT sector honoured at GovTech Innovation Awards

Dubai Science Park study backs R&D localisation amid projected surge in UAE healthcare spending

MarkiTech expands GCC footprint

MoHAP Launches Health Sector’s First National Centre of Excellence for AI

Korian Benelux future-proofs residential Care with AI-driven solutions

SAS accelerates responsible innovation efforts with new collaborations

Digitalisation key to accelerating construction development in Middle East, says Trimble

R&M Introduces First Single Pair Ethernet System to Support Middle East Smart Building Trend

To ‘upsmart’ your building, start with the elevator

Renters searching for homes online surge amid coronavirus fears

Emirati tech entrepreneur launches new app to ease Dubai’s rental woes

Brands Beware: The Application Generation Demands Seamless Digital Experiences

Opinion: Brands must respond to meet heightened customer expectations

Thriwe: Enhancing the Omni-channel experience

Navigating the Festive Cyber Landscape: Ensuring Online Safety during Holiday Shopping

Celebrate the Dubai Shopping Festival with Eros Electronics’ exclusive deals

Pure introduces first external block storage for Azure VMware Solution

RUCKUS Networks launches AI-driven solutions for hospitality

Genetec announces availability of Security Center SaaS

Opinion: Role of Innovation in Driving the New Space Economy

Brands Beware: The Application Generation Demands Seamless Digital Experiences