A cyberattack has hit Manchester United’s systems, but it is not yet clear if there is any breach of personal data for fans or customers. The club has acknowledged the attack but added that forensic tracing is being carried out in an attempt to establish further details about the attack.
This is a perfect example of how better planning can be less disruptive. As a fan of Manchester United, I am so proud of how they handled this. They had obviously prepared, planned and rehearsed for this (something all organizations should be doing) and it shows. They were able to react quickly, shut it down, and save their data. Manchester United likely doesn’t even have as sensitive data that other orgs would have, like hospitals or government entities, but they had all the policies and procedures in place – and that’s what saved them. They clearly had a current playbook to help guide them through this, and it worked perfectly.
In addition, they referenced the attackers as “cybercriminals,” which is the correct reference, versus the incorrect reference of these criminal attacks as “hackers.
Large sports organisations are a prime target for cyber criminals. Earlier this year the National Cyber Security Centre’s urged the sector to tighten its cybersecurity after it revealed that at least 70% of institutions suffer a cyber incident every 12 months – more than double the average for UK businesses. All data has value to cyber criminals, and in a business as lucrative as Premier League football it is not surprising that the activity of wealthy clubs has piqued the interest of cyber criminals.
Unsurprisingly, Manchester United has stated that the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. However, it is impossible to cover yourself against all threats in cyberspace, and that’s why a layered approach covering people, process and technology is essential to help minimise the risks.
While details of this incident are unclear, since the outbreak of COVID-19 we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems. Technical countermeasures against phishing attempts and detecting malicious activities are much more robust than they have been in the past. The human, on the other hand, is more complex and hard to predict in certain scenarios while easy to manipulate in others. Security awareness educates employees about manipulative techniques that might be used against them and also highlights the benefits of adapting their information security behaviour.
Kudos to the cybersecurity experts at Manchester United Football Club for their quick and decisive response to a reportedly sophisticated cyber attack on their network. All companies and organisations in the public and private sector should heed this warning. You will be attacked and suffer material loss from well funded hacking groups and/or motivated individuals looking to profit or make political statements off your brand by stealing data, encrypting your files and demanding ransom and causing your company to be singled out in the headlines.
But there are steps companies can take as defenders to reverse the adversary advantage and to start making cybercrime less profitable. First, companies need to improve their security hygiene and they need all employees adhere to internal security guidelines and protocols. Secondly, companies need to deploy around the clock threat hunting capabilities. They also need to deploy newer anti-ransomware software and advanced detection and response software (XDR) in order to be able to detect in real time when malicious behaviour is occurring inside their network.
Too often, cyber criminals penetrate a network and then steal credentials and essentially impersonate employees that have been authorized and unbeknownst to them they are stealing proprietary data for weeks or months completely undetected.
To all companies set your 2021 goals now to reduce risk by improving your ability to root out malicious behavior before it is too late and you suffer a material breach.