The forthcoming Olympic Games in Rio de Janeiro, Brazil are subject to no shortage of media coverage. Concerns about Zika, Brazilian presidential politics, and underlying infrastructure and economic issues have dominated headlines for quite some time. Of course, as with any modern Olympic Games, security is also an area of worry. Thousands of police and security personnel will be on hand to protect spectators, athletes, and the general public, but less attention is being paid to cybersecurity. GRA Quantum recently authored a white paper that brings attention to very real cyber concerns that locals, visitors, and companies alike as the Games descend on Rio. The white paper explores the history of cybercrime in Brazil and its existing internet infrastructure before analyzing the situation in the context of the upcoming Games. Finally, it offers advice and “next steps” to ensure the future security of Brazil’s evolving cyber landscape.
Cybercrime in Brazil has extensively targeted the country’s financial sector – especially as more and more Brazilians are turning to online banking to manage their finances. Almost half of all banking is done via the internet, and according to Fedraban, 95 percent of losses incurred by Brazilian banks is due to cybercrime. With limited enforcement mechanism, most cyberattacks go uninvestigated, let alone punished. This final point ought to be of particular concern to visitors, because while tourists probably will not be utilizing Brazil’s financial services, they will likely be using public Wi-Fi, which generally goes unsecured. This means spectators at the Games are liable to have credit card information or other personal data stolen if caution is not exercised.
Standing between Rio and the world-wide network of cybercriminals, according to the white paper, are just the 200 members of Brazil’s military cybersecurity agency, CDCiber. Widely criticized for its organizational structure, limited resources, and embarrassingly small size, CDCiber will almost certainly be outgunned and outmatched when the Games – and the cyberattacks – begin. In 2012, the London Olympics website was breached 2.2 million times and Tokyo already has plans to train 50,000 cybersecurity professionals in advance of their turn at hosting the games in 2020. It appears likely that for several weeks in August, Rio de Janeiro will be a turkey shoot for cybercriminals.
Finally, the white paper looks forward at ways to mitigate the cyber threat to the Games and Brazil as a whole. Among the suggestions it offers are placing a premium on educating the general public. As more and more Brazilians turn to the internet and mobile devices for banking, shopping, and communication, they ought to be aware of cyber threats and how to minimize their own risk. Second, it suggests a reexamination of CDCiber as an entity. Military jurisdiction over cybersecurity represents a misunderstanding of the threat landscape, and brazil would do well to retool their approach. Lastly, visitors to the games should maintain a heightened state of vigilance and practice good cyber hygiene while in Brazil. That means avoiding public Wi-Fi, minimize the transmission of sensitive data through activities like online shopping, and being wary of sketchy ATMs.
With the Olympics fast approaching, the white paper argues, Brazil’s multitude of internal problems is only growing. From mounting concerns about the Zika Virus to a presidency on the verge of ruin, Brazil’s internal problems are escalating. Cybersecurity must remain a part of this discourse, both for the security of the Olympics themselves and to ensure the security of a future Brazil.