Threat actors are opportunistic by nature, quickly evolving their attack methods to capitalize on new vulnerabilities or launch widespread attacks. Their latest target? High-profile sporting events and entertainment venues.
Sports organizers, regional host facilities, and even event attendees face a heightened degree of cyber risk due to increasingly connected environments. According to the United Kingdom’s National Cyber Security Centre, 70% of sports organizations have faced at least one cyber attack per year–a 119% increase over general UK business.
To help tackle this issue, Microsoft is sharing first-hand learnings about how threat actors attempt to infiltrate professional sports environments and event venues. Read on to learn more about our top recommendations for securing venues, teams, and more based on our cybersecurity support of critical infrastructure facilities during a large global sporting event.
The starting lineup of sport’s biggest risk areas
It only takes one misconfigured device, exposed password, or overlooked third-party connection for cybercriminals to potentially launch a successful intrusion or breach data. This threat is particularly applicable in professional sports given the sheer scale of connected devices and interconnected networks involved in these environments. During a renowned worldwide sporting event, Microsoft performed more than 634.6 million authentications while helping provide cybersecurity defenses for host country’s facilities and organizations.
Some of top-of-mind concerns during the event included the risk of cyber disruptions to event services or local facilities. For example, some healthcare facilities were designated as urgent care units for the event. Because these facilities regularly deal with sensitive medical data, they were considered high-value targets. A successful attack could have limited the facilities’ ability to utilize life-saving healthcare technology or opened the door to future data theft and extortion.
Our team also focused on monitoring the behavior of identities, logins, and file access across a variety of sectors like transportation, telecommunications, and other essential functions.
What we found was that cybersecurity threats to sporting events and venues are diverse and complex, requiring constant vigilance and stakeholder collaboration to prevent and mitigate escalation. Part of what makes these environments such an attractive target is the valuable information they hold. Information on athletic performance stats, team or company competitive advantages, and even personal consumer or athlete information can be vulnerable at scale due to the number of connected devices and interconnected networks in these environments.
Cyber vulnerabilities often span the teams themselves, as well as corporate sponsors, municipal authorities, and third-party contractors. Coaches, athletes, and fans can also be vulnerable to data loss and extortion. And that’s before we consider the known and unknown venues and arena vulnerabilities that allow threat actors to target critical business services like point-of-sale devices, IT infrastructures, and visitor devices.
5 tips for securing professional sports environments
So, now that we understand some of the main risk areas for professional sports environments, what can you do to better secure them?
- Augment the SOC team ahead of big events: Proactive detection is critical during professional sporting events. That’s why we recommend securing additional resources ahead of time to monitor the event, proactively detect threats, and send notifications. This strategy helps correlate more hunting data and discover early signs of intrusion. It should include threats beyond endpoint, like identity compromise or device-to-cloud pivot.
- Conduct a focused cyber risk assessment: Identify potential threats specific to the event, venue, or nation where the event is occurring. This assessment should examine and include input from vendors, team and venue IT professionals, sponsors, and key event stakeholders to ensure it is as comprehensive as possible.
- Deploy least privileged access: Leverage the power of Zero Trust by ensuring that system and service access is only granted to the individuals that need it. Additionally, train staff to understand access layers so that they can track how cyber criminals might move laterally throughout the network.
- Implement a comprehensive, multi-layered security framework: This framework should include strategies like deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols. By incorporating these different aspects of threat detection and response, security teams will be better equipped to fortify the network against unauthorized access and data breaches.
- Prioritize user awareness and training programs: Cybersecurity is the job of everyone. Educate employees and stakeholders about cybersecurity best practices, such as recognizing phishing emails, using multifactor authentication or passwordless protection, and avoiding suspicious links or downloads to help minimize the risk of human error.
Cyber threats for large-scale events can look different than their enterprise counterparts. These threats can be less perceptible due to the complex nature of these types of events and how they often come together quickly. As new partners and vendors acquire access to enterprise and shared networks for a specific period of time, security teams can struggle to develop clear visibility and control of devices and data flows.
However, by sharing best practices on how to better secure these events, we can raise the barrier for cyber attacks and make professional sports safer for all. For more information on cybersecurity for high-profile sporting events, check out the full Cyber Signals report and explore Microsoft Security Insider for the latest threat intelligence updates.