Microsoft Cyber Signals: Sporting Events and Venues Draw Cyberthreats at Increasing Rates
Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high profile sporting events, especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities, and attendees.
The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70 percent of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom.
The pressure to deliver a smooth, safe experience on the world stage introduces new stakes for local hosts and facilities. A single misconfigured device, exposed password, or overlooked third-party connection can lead to a data breach or successful intrusion.
Microsoft released the fifth edition of Cyber Signals on Aug 4, spotlighting threats to large venues, sporting and entertainment events, based on learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar's hosting of the FIFA World Cup 2022.
Cybersecurity threats to large events and venues are diverse and complex. They require constant vigilance and collaboration among stakeholders to prevent and mitigate escalation. With the global sports market valued at more than 600 billion USD, sports teams as well as major league and global sporting associations, and attendees house a trove of valuable information desirable to cybercriminals.
Unfortunately, this information is made increasingly vulnerable by the growing number of connected venues and the number of devices and interconnected networks in these environments, sports teams as well as major league and global sporting associations and attendees, house a trove of valuable information desirable to cybercriminals.
Venue IT systems and arenas contain hundreds of known and unknown vulnerabilities that allow threats actors to target critical business services such as point of sale, IT infrastructures, and visitor devices. Teams, coaches, and athletes themselves are also vulnerable to data loss on athletic performance, competitive advantage, and personal information. Attendee personal identifiable information can also be targeted through vulnerable event digital amenities, like companion mobile apps, Wi-Fi hotspots, and QR codes with malicious URLs.
Microsoft Defender Experts for Hunting (DEX) developed comprehensive cybersecurity defenses for Qatari facilities and organizations supporting the soccer tournament. DEX conducted an initial risk assessment, factoring in threat actor profiles, adversary tactics, techniques, and procedures, and other global intelligence from Microsoft's telemetry. It ultimately analyzed over 634.4 million events while providing cybersecurity defenses for Qatari facilities and organizations throughout November and December of 2022.
With sporting and entertainment events at large, there is a level of cyber risk and vulnerability that does not exist in other environments. Because some of these events come together quickly, often with new partners and vendors acquiring access to enterprise networks that are perceived as temporary, they are often not designed for evaluation and ongoing refinement of the security posture.
In addition to the pre-planning required to support this unique security apparatus, venues consider the privacy risk associated with temporary, ad-hoc, and permanent cyber infrastructure. That means understanding and acknowledging if configurations needed to support the event potentially add additional risk or vulnerability.
To safeguard against cybersecurity threats, sports, associations, teams, and venues must adopt robust protective measures. First and foremost, they should prioritize the implementation of a comprehensive and multi-layered security framework. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to fortify the network against unauthorized access and data breaches. Regular security audits and vulnerability assessments should be conducted to identify and address any weaknesses within the network infrastructure.
Furthermore, user awareness and training programs are crucial to educate employees and stakeholders about cybersecurity best practices, such as recognizing phishing emails, using multifactor authentication or passwordless protection, and avoiding suspicious links or downloads. Additionally, it is essential to partner with reputable cybersecurity firms to continuously monitor network traffic, detect potential threats in real-time, and respond swiftly to any security incidents. By adopting these proactive measures, sports associations, teams, and venues can significantly enhance their resilience against cyberattacks and protect both their own infrastructure and the sensitive information of their patrons.
Comments