Microsoft has offered up some salient advice on how organizations, particularly those involved with large sporting events, should protect themselves and attendees.
In the fifth installment of its Cyber Signals report, the tech giant offers insight into how threat actors manage to breach venues, teams and infrastructure of popular sporting events.
It comes at a crucial time, with the FIFA Women’s World Cup currently taking place in Australia and New Zealand, and a survey conducted the UK’s National Cyber Security Centre (NCSC) found that 70% of sporting organizations it surveyed suffer at least one cyberattack per year.
Unique challenges
The Cyber Signals report notes that valuable information associated with sporting events is at greater risk now more than ever, thanks to the increase in the number of interconnected networks and devices at venues.
It adds that IT systems at these venues have their own vulnerabilities, both known and unknown, which threat actors can exploit to infect systems with malware and steal information.
The sorts of information that can be stolen include point of sale data, personal data from visitor’s devices, which can be gained through breaching companion apps and wireless hotspots, as well as proliferating QR codes with malicious URLs.
Sports teams themselves are also a target, as they have data relating to athletic performance as well as personal information on individuals that may be worthwhile to a hacker.
The report also notes that Microsoft helped to protect IT infrastructure at the 2022 FIFA World Cup in Qatar, with its Defender Experts for Hunting team conducting risk assessments and developing cybersecurity defenses for facilities and organizations.
Microsoft also says that the nature of sporting events present their own unique challenges not seen in other environments. They often happen quickly, and many vendors and organizations come together and access fundamental networks on a temporary basis, so there isn’t much chance to evaluate and refine the security posture.
Venues also need to consider the risk to privacy that comes with a cybersecurity presence, so it needs to be taken into account whether setting up this infrastructure will contravene such privacy policies in place.
Microsoft recommends that everyone at sporting events, from the venue itself to the teams and associations must take cybersecurity seriously. They should use multi-layered protection, including firewalls, intrusion detection and prevention, and strong encryption protocols to protect networks.
Audits and assessments must be carried out regularly too, to ensure that any weaknesses are swiftly dealt with.