Microsoft warns that sporting events can be the target of major cyberattacks
Microsoft has offered striking advice on how organizations, especially those involved in major sporting events, should protect themselves and visitors.
In the fifth installment of its Cyber Signals report, the tech giant offers insight into how threat actors manage to breach the venues, teams and infrastructure of popular sporting events.
It comes at a crucial time as the FIFA Women’s World Cup is currently taking place in Australia and New Zealand, and a questionnaire A survey by the UK’s National Cyber Security Center (NCSC) found that 70% of sporting organizations surveyed experience a cyber-attack at least once a year.
Unique challenges
The Cyber Signals report notes that valuable information related to sporting events is now more at risk than ever, thanks to the proliferation of interconnected networks and devices in venues.
It adds that IT systems in these locations have their own vulnerabilities, both known and unknown, that threat actors can exploit to infect systems with malware and steal information.
The types of information that can be stolen include point-of-sale data, personal data from visitors’ devices, which can be obtained by hacking companion apps and wireless hotspots, as well as spreading QR codes with malicious URLs.
Sports teams are also a target themselves, as they hold data related to athletic performance and personal information about individuals that could be valuable to a hacker.
The report also notes that Microsoft helped protect IT infrastructure during the 2022 FIFA World Cup in Qatar, with the Defender Experts for Hunting team conducting risk assessments and developing cybersecurity defenses for facilities and organizations.
Microsoft also says the nature of sporting events brings their own unique challenges not found in other environments. They often happen quickly and many vendors and organizations congregate and have temporary access to basic networks, so there isn’t much opportunity to evaluate and fine-tune the security posture.
Sites must also consider the risk to privacy associated with a cybersecurity presence, so consideration should be given to whether setting up this infrastructure violates such privacy policies.
Microsoft recommends that everyone at sporting events, from the venue itself to the teams and associations, take cybersecurity seriously. They must use multi-layered protection, including firewalls, intrusion detection and prevention, and strong encryption protocols to protect networks.
Regular audits and reviews should also be carried out to ensure that any shortcomings are quickly rectified.