Microsoft has issued a warning about the unique security challenges faced by organizations involved in sporting events. In its latest Cyber Signals report, the tech giant highlights how threat actors are able to breach venues, teams, and infrastructure associated with major sporting events. This warning comes at a crucial time, as the FIFA Women’s World Cup is currently taking place in Australia and New Zealand, and a recent survey conducted by the UK’s National Cyber Security Centre revealed that 70% of sporting organizations surveyed experience at least one cyberattack per year.
The report emphasizes that valuable information linked to sporting events is at a higher risk than ever before due to the increasing number of interconnected networks and devices present at venues. It also points out that IT systems at these venues have their own vulnerabilities, both known and unknown, that threat actors can exploit to infect systems with malware and steal information.
A range of information can be stolen during these attacks, including point of sale data, personal data from visitors’ devices obtained through breaching companion apps and wireless hotspots, and the proliferation of QR codes with malicious URLs. Additionally, the report highlights that sports teams themselves are targeted, as they possess data related to athletic performance as well as personal information on individuals, which can be valuable to hackers.
Microsoft claims to have provided assistance in protecting the IT infrastructure of the upcoming 2022 FIFA World Cup in Qatar. The company’s Defender Experts for Hunting team conducted risk assessments and developed cybersecurity defenses for facilities and organizations involved in the tournament.
However, Microsoft also acknowledges that sporting events present their own unique challenges that are distinct from other environments. These events often happen quickly, with numerous vendors and organizations coming together and accessing fundamental networks on a temporary basis. Therefore, there is limited opportunity to evaluate and refine the security measures in place. Venues also need to consider the risk to privacy that comes with a cybersecurity presence, ensuring that the infrastructure setup adheres to privacy policies already in place.
To address these risks, Microsoft recommends that all parties involved in sporting events, including venues, teams, and associations, prioritize cybersecurity. They should implement multi-layered protection measures such as firewalls, intrusion detection and prevention systems, and strong encryption protocols to safeguard networks. Regular audits and assessments should also be conducted to promptly address any identified weaknesses.
In conclusion, the article highlights the security challenges faced by organizations involved in sporting events, as identified by Microsoft’s Cyber Signals report. It emphasizes the vulnerability of valuable information due to interconnected networks and devices at venues, as well as the unique nature of these events. Microsoft’s recommendations for implementing robust cybersecurity measures are also outlined. Given the increasing frequency of cyberattacks in the sports industry, it is crucial for all stakeholders to take cybersecurity seriously in order to protect themselves and attendees.
