Sport Teams And Events Are Easy Targets For Hackers

With a sports packed summer upon us, including WImbledon, Euro’s and the Olympics, 2016 really is a year of sport. But as sports teams, organisations and tournaments embrace mobile, cloud and analytics, how does this open them up to cyber attacks and hackers? What do hackers want from these targets and how do they plan to achieve this?

Mark Bower of HPE Security – Data Security, a provider of advanced encryption, tokenization and key management solutions, and Stephen Gates of NSFOCUS IB, a global network and application security provider, have shared their thought on this topic below.

Mark Bower, Global Director at HPE Security – Data Security:

“The importance of protecting data associated with sports events, whether it’s professional or amateur athletics, school teams or something as large as the Olympics and other major organised sports, is no different than protecting enterprise or customer data. It’s prudent for organisations of all kinds to follow best practices of encrypting all sensitive personal data as it enters a system, at rest, in use and in motion.

With systems that process online and in-person point-of-sales ticket purchases, for example, the ability to neutralise a breach by rendering data useless if lost or stolen, through data-centric encryption, is an essential benefit to ensure data remains secure.

Hackers will steal anything of value, and even the information could be held for sale on the black market to be used for social engineering attacks for spearphishing to attempt to gain access to deeper systems with even more lucrative data that can be monetised directly if stolen.

We have a saying in security, it’s not a matter of if a breach will happen, but when. Beyond the threat to sensitive data, companies need to be concerned with the impact a data breach can have on their reputation and, ultimately, on their bottom line.  A data-centric approach to security is the industry-accepted cornerstone needed to allow organisations to mitigate the risk and impact of cyber attacks and other attempts to get this sensitive information.

Many organisations are not readily equipped with modern data-centric protection which enables them to neutralise breach risks.  Any organisation dealing with medical data or other personally identifiable information (PII) must shift gears to modern data security practices while joining their peers in other industries who’ve already learned the importance of mitigating data threats.  The value of data-centric security controls enables organisations to protect valuable data assets and enable data-rich analytic insight without risk.”

Stephen Gates, Chief Research Intelligence Analyst at NSFOCUS IB:

“In cases like these, sports teams, organisations, and tournaments are threatened by the same cyber-attacks everyone else faces.  It’s all about hacker motivations and those unfortunately can be just about anything.  From notoriety, financial gain, competitive advantage, protest, you name it, the motivations are extremely broad. Most hackers are financially motivated.  Stealing someone’s identity by way of stealing their health, training, and/or financial records seems obvious to those aware of cyber threats. However, if a hacker had access to team records that showed someone was injured, or someone wouldn’t be playing etc. that inside information could be used to increase sports betting odds.  Remember, betting/gambling on sporting events is a huge business.

Hackers can achieve this by exploiting vulnerable systems, vulnerable defenses, or vulnerable people.  There is nothing special in this case with regards to hacking the systems that support these teams and these events.

To protect against these types of threats teams, organisations, and tournament organisers need to determine what would cause the most damage to the team and/or the event, and defend it to the nth degree.   Loose defenses only serve to make the hackers’ job easier.  They will appreciate and take advantage of your carelessness.

We are currently seeing many emerging attacks and threats, with the list of vulnerable applications, vulnerable defenses, and vulnerable people grows exponentially every day.  In this case, phishing attempts by hackers will likely be extremely high.  In addition, hackers taking advantage of vulnerabilities in applications and operating systems that allow remote code execution, will likely be high as well.”