Cybersecurity threats are evolving at a rapid pace, with threat actors constantly adapting their methods to take advantage of new vulnerabilities and target high-profile events and venues. This includes sporting events and entertainment venues, which are facing an increased level of risk due to their interconnected environments. According to the United Kingdom’s National Cyber Security Centre, 70% of sports organizations have experienced at least one cyber attack per year, marking a 119% increase compared to general UK businesses.
To address this growing issue, Microsoft is sharing its firsthand learnings and recommendations for securing these venues, teams, and more, based on its experience in providing cybersecurity support during a large global sporting event. During this event, Microsoft performed over 634.6 million authentications while assisting in the implementation of cybersecurity defenses for the host country’s facilities and organizations.
One of the main risk areas identified during the event was the potential disruption of event services or local facilities through cyber attacks. For example, healthcare facilities designated as urgent care units for the event were particularly vulnerable due to the sensitive medical data they handle. A successful attack could have limited the facilities’ ability to utilize life-saving healthcare technology or exposed them to future data theft and extortion.
Microsoft’s team also focused on monitoring the behavior of identities, logins, and file access across various sectors, including transportation, telecommunications, and other essential functions. They found that cybersecurity threats to sporting events and venues are diverse and complex, requiring constant vigilance and collaboration among stakeholders to prevent and mitigate them. The attractiveness of these environments as targets lies in the valuable information they hold, such as athletic performance stats, competitive advantages, and personal consumer or athlete information.
The vulnerabilities extend beyond the teams themselves, also encompassing corporate sponsors, municipal authorities, and third-party contractors. Coaches, athletes, and fans can also fall victim to data loss and extortion. Furthermore, the venues and arenas themselves may have known or unknown vulnerabilities that can be exploited to target critical business services like point-of-sale devices, IT infrastructures, and visitor devices.
To better secure professional sports environments, Microsoft recommends the following:
1. Augment the SOC team ahead of big events: Proactively detecting threats during professional sporting events is crucial. It is advisable to secure additional resources in advance to monitor the event, detect threats proactively, and send notifications. This strategy should also consider threats beyond endpoints, such as identity compromise or device-to-cloud pivot.
2. Conduct a focused cyber risk assessment: Identify potential threats specific to the event, venue, or nation where the event is taking place. This assessment should involve input from vendors, team and venue IT professionals, sponsors, and key event stakeholders to ensure comprehensive coverage.
3. Deploy least privileged access: Implement a Zero Trust approach by granting system and service access only to individuals who require it. Additionally, educate staff on access layers to track potential lateral movements by cyber criminals within the network.
4. Implement a comprehensive, multi-layered security framework: The framework should include strategies like deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols. By incorporating these different aspects of threat detection and response, security teams can better fortify the network against unauthorized access and data breaches.
5. Prioritize user awareness and training programs: Cybersecurity is everyone’s responsibility. Educate employees and stakeholders about cybersecurity best practices, such as recognizing phishing emails, using multifactor authentication or passwordless protection, and avoiding suspicious links or downloads to minimize the risk of human error.
Cyber threats during large-scale events can be less apparent due to the complex nature of such events and the rapid influx of new partners and vendors accessing enterprise and shared networks for a specific period of time. As a result, security teams may struggle to maintain visibility and control over devices and data flows. However, by implementing best practices and sharing knowledge, we can make professional sports safer for all involved. For more information on cybersecurity for high-profile sporting events, refer to Microsoft’s full Cyber Signals report and explore the latest threat intelligence updates on Microsoft Security Insider.