In the digital era, even the world of sports isn’t immune to cybersecurity threats. A recent study titled “State of Play” conducted by Microsoft shed light on the amplified risks at major sporting events, highlighting a fertile ground for cybercriminals to exploit interconnected systems and networks.
The 2022 FIFA World Cup in Qatar served as a prime example. Microsoft, responsible for overseeing the cybersecurity of the event’s critical infrastructure, witnessed relentless attempts by attackers to breach the integrated systems. They specifically exploited identity-based vulnerabilities.
Justin Turner, Principal Group Manager at Microsoft Security Research, described the challenges faced, stating, “The unique aspect of the sports domain is its varied IT assets and operations. The landscape consists of numerous mobile devices, spanning teams, staff, and a vast connectivity network that includes stadiums, training centers, hotels, and more. Moreover, these connections fluctuate based on tournament schedules and team performances.”
Such a broad and dynamic digital ecosystem gives cyber adversaries ample opportunities. They can target mobile payment systems, socially engineer participants, and scout for devices that haven’t been patched or have configuration issues. The intricacy of the security framework is magnified with multiple entities managing diverse systems, such as corporate sponsors, municipal authorities, and third-party contractors.
Security professionals from Approov and Cyware weighed in on the issue, offering valuable perspectives:
**George McGregor, VP at Approov,** pointed out the vulnerabilities associated with apps specially developed for events. Taking the FIFA Women’s World Cup app as an instance, which saw over 10 million Android downloads, he mentioned, “These apps, intended to provide an all-inclusive event experience, can become cyber liability points. Without proper protection, they could inadvertently leak financial data or become sources for broader infrastructure attacks.”
**Amit Patel, SVP at Cyware,** emphasized the inherent attractiveness of such massive gatherings for cyber attackers. He elaborated, “Whenever we see a congregation of tens of thousands utilizing shared digital infrastructure, it’s an open invitation for cyber malefactors. Major sports leagues have begun to recognize the importance of collective security measures rather than banking solely on localized solutions. A global threat monitoring system, coupled with automated intel sharing across leagues and venues, can significantly minimize such risks.”
The revelations from Microsoft’s study are a stark reminder that as the world integrates technology more deeply into every facet of life, including sports, proactive and layered cybersecurity becomes paramount.
For those interested in a deeper exploration of this topic, Dr. Muhammad Malik’s article, “Securing Next-Generation Broadcast Media Enterprises Against Cyberthreats,” offers a comprehensive overview. Dr. Malik delves into the intricacies of the evolving challenges and delineates a systematic strategy to fortify media networks against these looming threats. The full article is accessible on the ISACA website.
About the Author
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.
