Cyber threats to high-profile sporting events and venues are on the rise, according to a recent study by Microsoft.
The report, dubbed “Microsoft Threat Intelligence State of Play,” sheds light on the escalating risks faced by major sporting events. With our ever-increasing digital connectivity, cyber threats severely threaten event organizers, hosting facilities, and spectators.
The rising trend of cyber-attacks on sporting events and organizations has been documented in various studies. For instance, a 2020 report from the UK’s National Cyber Security Centre (NCSC) revealed that 70% of sports organizations were victims of at least one cyber-attack annually.
Microsoft had first-hand experience dealing with cybersecurity issues during Qatar’s 2022 FIFA World Cup. A vast cybercrime economy and relatively easy entry points make this opportunistic infiltration a substantial risk for significant events. Thus, layered defenses and thoughtful planning are vital to secure these events.
Also Read: The Stealthy Tactic Targeting Android Apps
The past five years have witnessed several high-profile sports-related cyber-attacks. These include Russian threat actors’ disruptions of the 2018 Winter Olympics and ransomware attacks on the English Premier League’s Manchester United in 2022.
Ransomware attack on the US National Basketball Association’s (NBA) Houston Rockets in 2021, among others.
In February 2022, a ransomware attack was confirmed by the US National Football League’s (NFL) San Francisco 49ers, striking just a day before Super Bowl Sunday.
Fast forward to March 2022, it was reported that a cyber-attack targeted a third-party vendor, leading to the theft of personal data of American Major League Baseball Players and their families.
Sports events face unique cybersecurity challenges due to the broad digital footprint that needs to be safeguarded. This involves securing many connected devices and networks and managing known and unknown vulnerabilities across various venues and arenas.
Threat actors can exploit this vast digital landscape to attack multiple targets, including pop-up payment systems, attendees, and devices with weak security. The security landscape is further complicated by the involvement of various stakeholders, like corporate sponsors, municipal authorities, and third-party contractors.
Cyber threats to sporting events come from various sources, both financially motivated cyber-criminals and politically driven actors. Cyber-criminals target sports teams and venues for the valuable data they hold, while politically-motivated actors aim to disrupt events and garner publicity for their causes.
Microsoft has made several recommendations to protect future sporting events, like the 2023 Women’s World Cup in Australia and New Zealand. These include: Strengthening the security operations center (SOC) team.
- Conducting cyber risk assessments
- Implementing robust access management measures
- Protecting venue technology
- Educating stakeholders about cybersecurity best practices.