Cyber Security in Sport
Technology is at the centre of almost everything in modern-day life, and the world of sport is no exception. And where there are computers, there is almost certainly going to be cybercrime – a new competitor in the world of sport and this one doesn’t play fair.
There is a very real, very present threat to sports, in 2020 the National Cyber Security Centre (NCSC) issued a statement that “At least 70% of the sports organizations we surveyed have experienced at least one cyber incident or harmful cyber activity. This compares to 32% across general UK business, according to the DCMS annual breaches survey.”
Why do sports organisations rely so heavily on technology?
One word – Data! Sport has come a long way from the days of having a kebab and chips before the big game (a shocking development indeed!). Every athlete is looking for any opportunity to be faster, stronger, and sharper – essentially anything to give them the edge on their opponents. Technology is utilised to track every detail from an athlete’s pulse and blood oxygen levels, to how fast they are running and how high they can jump. All this information can give organisations the tools to cater to an athlete’s strengths and weaknesses. The science behind all this isn’t just theoretical, it has allowed athletes to push themselves to new limits, break records and continually better previous generations.
Analysing in-game performance is also of huge significance to organisations with Forbes predicting the market for sports analytics is expected to reach almost $4 billion in 2022. One of the most famous examples took place in Baseball, when Oakland Athletics general manager, Billy Beane, lead his team to a playoff place despite having one of the lowest budgets in the league by using in-game statistics to identify undervalued players. This feat was the inspiration for the book and subsequent film, Moneyball.
You may wonder why sports organisations are targeted so frequently but what is important to remember is that sport is a business like any other, and business is booming. In the UK alone the sports sector contributes £37bn to the economy each year. You can see why the bad guys would see sports clubs as very lucrative targets.
Who has been targeted?
In November 2020, football giants, Manchester United F.C were the victims of a ransomware attack. Ransomware is a form of malware that encrypts data so that it is inaccessible to the owner, the data could be anything from databases of personal information to files and applications. A ransom is then demanded to regain access. This kind of attack can halt all proceedings of a company and be very costly. It is believed that the origin of the ransomware attack was an email phishing scam in which the club’s network was compromised. Manchester United employees were told to not access their work emails and some IT systems were disabled. The club was assisted by the NCSC to re-gain control over their systems and make sure the network was secure before switching it back on. It took around two weeks from the initial attack for the issue to be resolved, which is an exceedingly worrying amount of time for criminal organisations to have access to swathes of private data. Furthermore, it also goes to show that these cybercriminal groups are not scared to attack big-name organisations with plenty of resources at their fingertips – if they can fall victim to this crime, it’s very possible others can too.
Back in 2018 Lazio Football Club fell victim to a spear-phishing scam – one that cost them a cool €2 million. Spear-phishing is where fraudsters pretend to be someone the victim knows and trusts. They will then try to send malware through an attachment, or in this case, request a payment. The club thought that they were sending €2 million to FC Feyenoord, the final instalment for defender Stefan de Vrij. However, that payment went directly to the fraudster who emailed them under false pretences. In 2020 the FBI named known scammer ‘Hushpuppi’ as the man responsible for the crime.
Following a doping scandal, the International Olympic Committee ruled to ban Russia from all competitions (Olympics, Paralympics, World Championships) for 4 years. What followed was a series of Russian cyberattacks, from their military intelligence, on the 2018 Winter Olympics and 2020 Tokyo Summer Olympics, according to the American and British authorities.
What steps should organisations take?
It may seem like there are cyber threats around every corner, however, there are plenty of actions that can be taken to even the playing field.
An often-overlooked solution to cyber security is education. Giving the correct training to all employees within an organisation can be crucial, and possibly save a lot of headaches. Utilising training providers such as KnowBe4 or Proofpoint PSAT is a great way to do this, they have large libraries of security awareness training content that covers a wide range of security threats including social engineering, spear-phishing, and ransomware.
Multi-factor authentication is another great way to secure organisations from outsiders, this strengthens security by requiring multiple methods to verify identity. It’s simple, effective, and doesn’t break the bank to set up.
The Chief Information Security Officer (CISO) is a top-level executive whose role is to develop and implement an information security program, creating the policies, security architecture, processes and systems that help reduce cyber threats and keep data secure. The specialised skill set and knowledge a CISO brings to organisations can be critical to the health of a business’s security. An experienced CISO can be hard to come by and quite expensive too, which is why at SEP2 we offer a virtual CISO service, or as we call it, Team CISO. An experienced SEP2 information security practitioner is assigned to you to offer your organisation the role of a CISO and offers their time and insight to an organisation on an ongoing basis, part-time and remotely.
Sport is treasured the world over and is one of the few ways in which we can all come together to enjoy and be united, therefore it is worth protecting. There will always be people trying to spoil the fun for their own benefit, but if the correct steps are taken, we can claim victory.