C (15:07)

I'm a little atypical because I look at those events from this perspective. Right. My brain has always been wired for the logistics and the stuff under the covers that's happening there. So looking at an event this large, it's really about the compromises that those organizations are making under the covers around speed of deployment versus security. There's a lot of places where because their ephemeral networks or their temporary shortcuts get taken that probably shouldn't be taken in full time type configurations, but they matter just as much or more.

B (15:48)

Well, tell us about the setup of something like this. I mean, obviously it takes years to prepare an event venue for something of this scale. But at the same time, as you say, this isn't a permanent installation.

C (16:03)

Yeah, it's very temporary. Right. And it's a lot of overlapping pieces that don't really fit quite right. So we have external network access, we have internal network access, we have badge scanners and physical equipment being bridged out to the Internet or maybe just internally to a network. And there isn't really a comprehensive owner in some of these situations, which is problematic. Right. In a single organization, if I go to one of my customers and say, should it be A, B or C, there's an adult that can make that decision. In an organization that's single threaded. But across a situation like this where you have so many different separate parties engaged, you know, stuff like that either falls through the cracks or somebody just makes a decision to move forward because time is always against them.

B (16:55)

Can you give us some examples of some of the things that you would find concerning with this project like this?

C (17:03)

Absolutely. So, you know, we hear from customers at Zona all the time that vendors want to do what's best for them. And I mean, that's their business. They're supposed to, but it turns into things like wireless hotspots being added to networks in places where they don't belong, or access not, you know, being approved or even documented just to make things go a little faster or a little smoother. And that can lead to unknown attack vulnerabilities. Right.

B (17:31)

Hmm. What, what do you suppose the bad guys would be after in a situation like this? Are there things that have a big red bullseye on them?

C (17:43)

It's a great question. So looking at the previous attacks and the environment we live in today, I think there's a couple of different main driving factors. The first is financial. That comes in a couple of different segments. The first is being able to, you know, access funds that aren't yours. Right. Being able to attack credit card processing systems or ticketing systems and extract funds, ransomware is a huge factor today these days. Right. The ability to turn off an event that the whole world is watching presents a lot of time and financial pressure for an organization to, you know, succumb to those demands. Similarly, a stage like this, globally, where everyone is paying attention, is a place that folks who want to, to be heard in terms of messaging can be seen very quickly. Right. If you have something you want to make the world hear and you turn off the thing that everybody's watching, you kind of have their undivided attention.

B (18:47)

What do you suppose the folks in charge of security are focused on in these weeks leading up to the event itself? Where do you suppose things stand right now?

C (18:59)

I'd say at this point, the focus is actually making the implementation match the thing that they drew on the whiteboard over the last couple of years. To your earlier point. Right. This. There. There's the perfect world that you want to live in and you can draw that on a whiteboard and kind of make a best level of effort. And then there's the reality of the situation when you get there and the patch cable's 20ft too short or the WI fi doesn't reach to this area, or nobody told you that the vendor needed this port coming in or this port coming out. The reality of implementation is where it kind of all goes pear shaped.

B (19:37)

Yeah. And as you say, I mean, the opening ceremonies happen when they happen, there's no putting them off for a day.

C (19:45)

Yeah, we had that outage a couple of years ago at a Super Bowl. Right. The power went out in the facility and everybody just stared at their televisions impatiently until they got it sorted out. And that's, that's the reality of the physical world for these, these sorts of large scale events right there. Everything has to go right for this to work, which is very similar to security. Like, even if it isn't a security issue, just having the power be out for half an hour while they tried to get everything back on to continue? The folks that are running these events have to be right 100% of the time. And security vulnerabilities, attackers only have to be right once in order for it to work out for them.

B (20:29)

Are there lessons that we can take away from large events like this that, you know, the folks defending their own networks can apply?

C (20:37)

You know, from our perspective at Zona, I think the biggest, you know, key 10,000 foot takeaway is that you are a target. And I think that's something that's been changing here in the last couple of years, especially from, you know, this first attack in Ukraine, is that you are specifically being attacked, and you need to act as if that is the case. We can't continue to keep our head in the sand around, hey, nobody knows about me. I'm just some little podunk water treatment plant or OT facility. Nobody cares about me. You're specifically on people's radar. Similarly, all these events are becoming targets because of the visibility and the financial opportunity there. So trying to be prepared, as prepared as you can be, I think, is the. Is the key takeaway here. And to be prepared, that means you have to really understand what is going on in your environment and in your network. And in a lot of these places, again, there isn't a comprehensive single owner that can say, ah, yes, I can say with authority, do these things and not those things. Because it's a hodgepodge of different organizations coming together temporarily that we really need. Everybody involved needs to be as focused as they can be on the security of the implementation.

B (22:00)

Yeah. I mean, it strikes me that we talk so much in cybersecurity about supply chains and that this is a tangle of supply chains. Right. Of so many interconnecting parts that have to all function together to make an Olympic Games possible.

C (22:19)

Absolutely. And as more things become digital, it gets more tangled. Understanding that my dad went to the 1984 Olympics in LA and he loved it. He had a paper ticket in his hand. He didn't have a smartphone. Right. He handed the guy the ticket. And I mean, that comes with some drawbacks. You can't forget your ticket and still make it. But the world was a different place.

B (22:43)

You probably signed a few travelers checks. Exactly.

C (22:45)

Right. Like, come on.

B (22:48)

Right. It was a different world.

C (22:51)

But, you know, that's pros and cons. If we just think about the idea of public WI fi in these spaces, or even just the cell towers in those spaces, they weren't designed for the sorts of load that they are experienced those couple of times a year for these huge events. We've all been to these sorts of games where suddenly your cell phone just isn't working, or it's working at the speed of smell. We can't really. It just doesn't work the way you expect it to. And that's true for everybody who's trying to conduct business and maintain security through these events as well.

B (23:29)

Yeah. All right, well, Mike, I think I have everything I need for our story here. Is there anything I missed? Anything I didn't ask you that think it's important to share.

C (23:40)

I think my closing words are that security is no accident. It's an active thing we have to be paying attention to, and it comes in a lot of knowns and also a lot of unknowns. And so taking some time to evaluate the whole environment is key.

B (23:59)

That's Mike Carr, Field CTO at Zona.

D (24:16)

The world moves fast. Your workday even faster. Pitching products, drafting reports, analyzing data. Microsoft 365 Copilot is your AI assistant for work built into Word, Excel, PowerPoint and other Microsoft 365 apps you use, helping you quickly write, analyze, create and summarize so you can cut through clutter and clear a path to your best work. Learn more@Microsoft.com M365 Copilot this episode is.

A (24:46)

Brought to you by Indeed. Stop waiting around for the perfect candidate. Instead, use Indeed sponsored Jobs to find the right people with the right skills fast. It's a simple way to make sure your listing is the first candidate C According to Indeed data, sponsored jobs have four times more applicants than non sponsored jobs. So go build your dream team today with Indeed. Get a $75 sponsored job credit@ Indeed.com podcast. Terms and conditions apply.

B (25:16)

And finally, federal prosecutors say a California thrill seeker may have let gravity and Instagram get the better of him. Jack Propek of Mission Viejo is charged after allegedly base jumping from Glacier Point in Yosemite national park during last year's government shutdown. Investigators say the case began with a tip about an Instagram video showing the jump helpfully zooming in on the jumper's face mid descent. License plate data placed Propek's car in the park, and photos showed him wearing the same distinctive purple mirrored sunglasses seen in the video. When contacted, Propek denied being the jumper, claiming, wait for it, artificial intelligence had pasted his face onto the footage. Park rangers were unconvinced Base jumping is illegal in national parks, and officials say shut down or not, the rules still apply. Propek, who is representing himself, is due in court in April, Gravity having already had its say. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com be sure to check out this weekend's Research Saturday and my conversation with Pieto Voltia, head of threat intel and platform at Abnormal AI. We're discussing their work inbox prime AI, a new phishing kit fueling scalable AI powered cybercrime. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.

C (28:06)

Foreign.

B (28:15)

If you only attend one cybersecurity conference this year, make it RSAC 2026. It's happening March 23rd through the 26th in San Francisco, bringing together the global security community for four days of expert insights, hands on learning and real innovation. I'll say this plainly, I never miss this conference. The ideas and conversations stay with me all year. Join thousands of practitioners and leaders tackling today's toughest challenges and shaping what comes next. Register today@rsaconference.com cyberwire26 I'll see you in San Francisco.