With a sports packed summer upon us, including WImbledon, Euro’s and the Olympics, 2016 really is a year of sport. But as sports teams, organisations and tournaments embrace mobile, cloud and analytics, how does this open them up to cyber attacks and hackers? What do hackers want from these targets and how do they plan to achieve this?
Mark Bower of HPE Security – Data Security, a provider of advanced encryption, tokenization and key management solutions, and Stephen Gates of NSFOCUS IB, a global network and application security provider, have shared their thought on this topic below.
Mark Bower, Global Director at HPE Security – Data Security:
With systems that process online and in-person point-of-sales ticket purchases, for example, the ability to neutralise a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.
Hackers will steal anything of value, and even the information could be held for sale on the black market to be used for social engineering attacks for spearphishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen.
We have a saying in security, it’s not a matter of if a breach will happen, but when. Beyond the threat to sensitive data, companies need to be concerned with the impact a data breach can have on their reputation and, ultimately, on their bottom line. A data-centric approach to security is the industry-accepted cornerstone needed to allow organisations to mitigate the risk and impact of cyber attacks and other attempts to get this sensitive information.
Many organisations are not readily equipped with modern data-centric protection which enables them to neutralise breach risks. Any organisation dealing with medical data or other personally identifiable information (PII) must shift gears to modern data security practices while joining their peers in other industries who’ve already learned the importance of mitigating data threats. The value of data-centric security controls enables organisations to protect valuable data assets and enable data-rich analytic insight without risk.”
Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:
Hackers can achieve this by exploiting vulnerable systems, vulnerable defenses, or vulnerable people. There is nothing special in this case with regards to hacking the systems that support these teams and these events.
To protect against these types of threats teams, organisations, and tournament organisers need to determine what would cause the most damage to the team and/or the event, and defend it to the nth degree. Loose defenses only serve to make the hackers’ job easier. They will appreciate and take advantage of your carelessness.
We are currently seeing many emerging attacks and threats, with the list of vulnerable applications, vulnerable defenses, and vulnerable people grows exponentially every day. In this case, phishing attempts by hackers will likely be extremely high. In addition, hackers taking advantage of vulnerabilities in applications and operating systems that allow remote code execution, will likely be high as well.”
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.