The Growing Importance of Cybersecurity in Sports
Three months ago, on a Friday evening in late November, Manchester United, one of the world’s most valuable football clubs, announced it was the victim of a cyber attack.
The club - ranked third on Forbes’ list of most valuable football organisations - termed the attack “disruptive,” but officials said they were not aware of any fan data being compromised, and their media channels - their app and website - were unaffected.
Manchester United’s breach is just one example of dozens to have hit British sports organisations in recent months. According to the UK National Cyber Security Centre (NCSC), more than 70 percent of sports organisations surveyed experienced some sort of breach in the year prior to the survey. A worrying figure, and more than double the number of entities suffering such breaches in the general UK business sector.
The overall number of cyber attacks has increased since the outbreak of COVID-19. But it is not a phenomenon that emerged over the last 12 months, nor is it reserved only for British sports organisations. In 2018, the PyeongChang Winter Olympics were targeted on the night of the opening ceremony, affecting the event’s Internet, broadcasting systems and website.
The list goes on, and these attacks have proven to be costly, with NCSC statistics showing 30 percent of incidents caused financial damage, averaging £10K per incident and reaching up to £4M per incident.
Big names, big budgets: why sports entities are such enticing targets
This is just the beginning of attacks against the sports world, says Idan Dardikman, Co-Founder and VP Professional Services of Axioma Cyber Services, a boutique consultancy firm. Dardikman served in an elite intelligence unit of the Israeli army, learning the ins and outs of the cyber world and gaining a deeper understanding of the industry and its inhabitants, what motivates them and how they operate.
“I think sports organizations are just beginning to be a very popular target for attackers,” he tells Infront X Lab, citing several main reasons - big names, big budgets and publicity.
Oftentimes hackers decide to attack organizations they are familiar with. They know names like FIFA or Manchester United, know their value, and assume they have a lot of money to be extorted.
Another reason is notoriety. Attackers want publicity and targeting big name organisations ensures their names and handiwork will be talked about.
Knowledge is power, but it’s lacking in sports
While attacks against sports entities continue to rise and become more popular, when it comes to securing assets, the sports world is lagging behind. Dardikman attributes this to the fact that massive attacks against sports organizations began only a few years ago. This means that sports organizations either have yet to grasp the magnitude of a continuing and worsening trend, or they have yet to take the right steps in implementing protection methods.
The technologies to protect sports organizations are out there, but what is currently missing is the “know-how.”
“Knowledge is definitely the biggest obstacle right now,” Dardikman explains. “There is already the understanding that cybersecurity is important and it isn’t something that can be ignored anymore, and organizations allocate the budget. What they’re missing usually is the know-how of how the cyber industry works.”
Even when organizations do allocate budgets and purchase security products, they often purchase the wrong ones or use them in the wrong way, having a low understanding of the products they actually need. They are “misconfigured.”
If sports organizations wish to improve their defenses, they should begin by bringing in external help from a domain expert and understand the most crucial points in their security and what threats are imposed on them. They can then allocate their budget in a more efficient manner.