The situation
An international sporting organisation engaged Control Risks to provide a cyber and information security threat assessment to its business travellers going to a high-threat destination in preparation for a high-profile sporting event. The organisation also instructed us to assess the broader threat of espionage and other cyber threats to its people, operations and systems ahead of the event, and to advise on security controls and governance processes to mitigate those threats.
Control Risks’ approach
We held a workshop at the beginning of the engagement with the organisation’s key security stakeholders. This gave us a detailed understanding of the individuals travelling to and from the destination, as well as the client’s own perception of their threat exposure.
We then used our threat intelligence analysis, and our expertise in investigating deep and dark web, open source, social media and technical sources, to identify the key threat actor groups posing the most significant threats to the client. These comprised state, cybercriminal and cyber activist groups, as well as potential malicious insiders. We assessed each group’s intent and capabilities to target the client and tailored the assessment to include all groups of travellers identified by the organisation.
Finally, we used our findings to recommend measures to help the client mitigate threats to their activities at the event’s location.
The outcome
After the initial travel threat assessment, the client launched a review of their travel security policies related to the event, taking into account the mitigation recommendations we provided.
The client also considered undertaking a broader cyber threat assessment to understand what security controls should be implemented in relation to the sports event itself.