The summer Olympics are over, but some of the athletes are finding themselves as front-page news headlines again. The World Anti-Doping Agency (WADA) issued an announcement this week reporting that hackers gained access to the medical data of many athletes who participated in the Rio Olympics this summer. Those athletes who had their confidential information stolen and then leaked were prominent medalists including Venus and Serena Williams and Mo Farah. Clearly, these criminals had an agenda!
How could something like this happen?
WADA said the hackers were able to use an International Olympic Committee (IOC)-created account to illegally gain access to WADA’s Anti-Doping Administration and Management System (ADAMS) database that was used for the Olympic games. WADA also reported that they believe the hackers gained access to ADAMS passwords through spear phishing of email accounts.
Spear phishing is email spoofing used to get unauthorized access to confidential data. WADA didn’t report the exact way the hackers were able to gain access to ADAMS, but spear phishing messages often appear to come from a trusted source such as an individual within the recipient’s own company and generally someone in a position of authority.
Do you think most people don’t open phishing emails? In a Verizon Data Breach Investigation Report performed last year they reported that two thirds of all electronic espionage cases can be tracked through phishing. Cyber criminals know that we as workers are often not thinking about security, and if an email looks like it needs to be acted upon – we act, no questions asked.
What are the key lessons learned from this attack?
WADA said they are taking this attack very seriously and will be ratcheting up their internal and external security. They recognize the importance of educating their workers and ensuring that the ADAMS passwords and its usage are managed properly.
RES believes that education only goes so far. To protect confidential information, such as these athletes’ confidential data, you need proactive security controls in place. Not ones that lock down the user with access restrictions, but instead controls that allow them to access the information they need when they need it, and restrict access based on policy and the context of the user.
While human failure in today’s environments may result in a higher potential for breaches and security threats, better technology can detect and more quickly mitigate these risks, enhancing regulatory compliance. RES offers advanced capabilities that can help secure employees – still allowing them to work how and where they need to, but also enabling IT to ensure they continue to work in a secure fashion.
Want to learn more about RES ONE Security?
RES ONE Security protects your business from external and internal threats with a unique people-centric approach. You can learn more about how RES can help you the digital workspace for your workers at www.RES.com/Security.
Author: Lacy Gruen, Product Marketing Director, RES