Organizations would do well to think more clearly about the human cost associated with cyber-attacks and to engage with those affected in the event of a breach, according to Sebastian Coe.
The IAAF chairman was responding to a question about recent attacks on the athletics body's infrastructure by Fancy Bear/APT28 hackers, the same Kremlin-linked group pegged for raids on the DNC, as well as anti-doping agency WADA.
“You have to be open at this moment, so I apologized to the athletes,” he told attendees during the opening keynote on the final day of Infosecurity Europe this morning.
The attack in question, revealed in April, compromised athletes’ medical data, most notably that of athletes who had applied for Therapeutic Use Exemptions (TUEs), under which normally prohibited substances can be taken to treat an illness.
It followed a decision to ban Russian athletes from the Rio Olympics, Paralympics and the upcoming World Championships in London later this year because of doping.
Coe refused to be drawn on attribution for the attacks, but said: “If you’re an interesting organization doing interesting things then you’re going to be of interest.”
“Given that we … said ‘no, enough is enough’, it was inevitable that organizations like ourselves, the IOC, and [WADA] were targeted,” he added.
“The process we entered was proactive and the relationships we formed in the public and private sector allowed us to remedy the situation.”
In fact, relationship-building is key to avoiding risk when attempting major projects such as the hosting of international sporting events like the London Olympics, he argued.
That process, which Coe managed from its inception over 17 years ago, yielded many lessons that could even help senior information security managers in their strategic roles.
Key challenges mentioned by the former Olympic gold medallist included managing reputational damage; communicating the project “vision” on a continuous basis; managing social media effectively; and comprehensive stress-testing of IT systems.
Coe acknowledged that sporting organizations had of late been subjected to the same cyber threats that have faced businesses for years.
Alongside building solid relationships with public and private sector partners, it’s important to understand attribution, the tools being used and the intent when it comes to cyber-attacks, he argued.