Microsoft has offered valuable advice on how organizations, especially those involved in large sporting events, can safeguard themselves and their attendees against cyber threats.
In its fifth installment of the Cyber Signals report, Microsoft provides insights into how threat actors target and breach the venues, teams, and infrastructure of major sporting events. This guidance comes at a critical time, with the FIFA Women’s World Cup currently underway in Australia and New Zealand. A survey by the UK’s National Cyber Security Centre (NCSC) revealed that 70% of surveyed sporting organizations experience at least one cyberattack each year.
The report highlights that valuable information associated with sporting events is increasingly vulnerable due to the growing number of interconnected networks and devices at event venues. It emphasizes that IT systems at these venues possess known and unknown vulnerabilities that threat actors can exploit to introduce malware and steal data.
Information at risk includes point-of-sale data and personal data from visitors’ devices (obtained through breaches in companion apps and wireless hotspots); the report also points to the proliferation of QR codes with malicious URLs. Sporting teams are also targeted because they hold data related to athletic performance and personal information that can be valuable to hackers.
Microsoft’s report also notes its involvement in protecting the IT infrastructure during the 2022 FIFA World Cup in Qatar. The company’s Defender Experts for Hunting team conducted risk assessments and developed cybersecurity defenses for facilities and organizations.
Sporting events present unique cybersecurity challenges, as they often occur rapidly and involve various vendors and organizations that temporarily access fundamental networks. This limited time frame makes it difficult to thoroughly evaluate and refine security measures. Additionally, venues must consider the privacy implications of cybersecurity measures, ensuring they comply with the privacy policies in place.
Microsoft’s recommendations for safeguarding sporting events include:
- Taking cybersecurity seriously at all levels, from venues to teams and associations.
- Implementing multi-layered protection, including firewalls, intrusion detection and prevention, and robust encryption protocols to secure networks.
- Conducting regular audits and assessments to swiftly address any weaknesses in the security posture.
By following these recommendations, organizations involved in sporting events can significantly enhance their cybersecurity resilience and protect against cyber threats.