In the digital era, even the world of sports isn’t immune to cybersecurity threats. A recent study titled “State of Play” conducted by Microsoft shed light on the amplified risks at major sporting events, highlighting a fertile ground for cybercriminals to exploit interconnected systems and networks.
The 2022 FIFA World Cup in Qatar served as a prime example. Microsoft, responsible for overseeing the cybersecurity of the event’s critical infrastructure, witnessed relentless attempts by attackers to breach the integrated systems. They specifically exploited identity-based vulnerabilities.
Justin Turner, Principal Group Manager at Microsoft Security Research, described the challenges faced, stating, “The unique aspect of the sports domain is its varied IT assets and operations. The landscape consists of numerous mobile devices, spanning teams, staff, and a vast connectivity network that includes stadiums, training centers, hotels, and more. Moreover, these connections fluctuate based on tournament schedules and team performances.”
Such a broad and dynamic digital ecosystem gives cyber adversaries ample opportunities. They can target mobile payment systems, socially engineer participants, and scout for devices that haven’t been patched or have configuration issues. The intricacy of the security framework is magnified with multiple entities managing diverse systems, such as corporate sponsors, municipal authorities, and third-party contractors.
Security professionals from Approov and Cyware weighed in on the issue, offering valuable perspectives:
**George McGregor, VP at Approov,** pointed out the vulnerabilities associated with apps specially developed for events. Taking the FIFA Women’s World Cup app as an instance, which saw over 10 million Android downloads, he mentioned, “These apps, intended to provide an all-inclusive event experience, can become cyber liability points. Without proper protection, they could inadvertently leak financial data or become sources for broader infrastructure attacks.”
**Amit Patel, SVP at Cyware,** emphasized the inherent attractiveness of such massive gatherings for cyber attackers. He elaborated, “Whenever we see a congregation of tens of thousands utilizing shared digital infrastructure, it’s an open invitation for cyber malefactors. Major sports leagues have begun to recognize the importance of collective security measures rather than banking solely on localized solutions. A global threat monitoring system, coupled with automated intel sharing across leagues and venues, can significantly minimize such risks.”
The revelations from Microsoft’s study are a stark reminder that as the world integrates technology more deeply into every facet of life, including sports, proactive and layered cybersecurity becomes paramount.
For those interested in a deeper exploration of this topic, Dr. Muhammad Malik’s article, “Securing Next-Generation Broadcast Media Enterprises Against Cyberthreats,” offers a comprehensive overview. Dr. Malik delves into the intricacies of the evolving challenges and delineates a systematic strategy to fortify media networks against these looming threats. The full article is accessible on the ISACA website.
“Anytime you gather tens of thousands of people together using shared infrastructure it’s an attractive target for attackers. Major sports leagues are realizing that they need to address security collectively – not relying on local capabilities. By monitoring threats globally, and sharing intel automatically across leagues and venues, and anticipating attacks, we can reduce risks considerably.”
“A key element are the apps which are launched for events (for example the FIFA Women’s World Cup app – 10M+ downloads on Android) which are intended to be a “one-stop shop” for events. Unless they are protected, they can leak personal financial data and also be a source of other information which can be used in broader infrastructure attacks.”