High-profile sporting events present an attractive target for cybercriminals and hacktivists. The fact that a significant security incident has yet to occur at a sporting event doesn’t mean cybercriminals aren’t chomping at the bit.

Just do a little digging — you’ll find a rash of campaigns and con artists seeking to exploit the publicity surrounding these events to commit crimes in both the real world and (increasingly) online.

Sporting event cybersecurity can affect athletes, spectators and everyone in between, including stadium staff members and medical personnel. From infecting high-profile websites with malicious code to dangling noteworthy games and matches as bait in phishing campaigns, criminals use these events as just another means to steal money and data from unsuspecting individuals and organizations.

Threat actors often take time to study and plan new attack approaches while security analysts hunt for new vulnerabilities and cybercriminal tactics during sporting events. Meanwhile, attackers exchange tactics, techniques and procedures in underground marketplaces on the darknet.

It can be challenging to build a realistic environment to test changes and simulate potential attacks. While creating a prototype is often possible for industrial control systems (ICSs), the gap between what is real and what is simulated makes it difficult to build prototypes for sporting event infrastructures. However, organizations must still prepare to respond to incidents targeting high-profile competitions.

A New Frontier for Sporting Event Cybersecurity

Sporting events can involve tens of thousands of people, including athletes, staff, security personnel, referees and more. Many of these staff members and competitors will require user IDs for key systems that are associated with multiple roles — all of which require immediate authentication. In the fast-paced world of sports, delays are not an option.

New technologies deployed at sporting events, such as video assistant referees (VARs), goal tracking, performance monitoring, mobile apps, live streaming and virtual and augmented reality, also present new threat vectors. Some of these technologies can directly impact the results of a game and even facilitate match-fixing issues.

Given the vast quantities of sensitive data generated at sporting events, such as athletes’ medical records, and the multiple parties accessing this information for legitimate purposes, security professionals face a tough challenge to protect data privacy. A data breach could put the entire competition in jeopardy — not to mention the reputational, financial and regulatory consequences that could befall the event organizers.

Since it’s also virtually impossible to secure all mobile devices present at sporting events (let alone educate all attendees on security best practices), spectators, athletes and staff members alike are at a higher risk of social engineering and phishing attacks. Furthermore, noteworthy events may host celebrities, high-ranking executives and other juicy targets for business email compromise (BEC) campaigns.

Most importantly, everything happens in real time at sporting events. As with industrial systems, once a cyberthreat hits a sporting competition, there is no time for security personnel to recover. The damage has already been done, especially if the incident interrupts the game or match at hand.

Clearing Sporting Event Cybersecurity Hurdles

Despite these challenges, security professionals can use modern TTPs to take meaningful steps toward improving sporting event cybersecurity. After all, there is no perfect crime in today’s hyperconnected world. No matter how meticulous they are in their nefarious schemes, the perpetrators always leave a trail. To locate the needles within massive haystacks of structured and unstructured information, analysts must integrate their controls into a cohesive security immune system powered by cognitive technology.

Security teams can start this process by identifying what data and tools reside in the cloud. While high-ranking business leaders often decide what is stored in the cloud and what resides on-premises, security professionals need visibility into this breakdown to properly inform the security information and event management (SIEM) solution, which is central to the security immune system.

It’s also crucial to consider security issues surrounding Wi-Fi networks. Analysts should plan for logical and physical segmentation focused on detection and prevention, respectively. Since event attendees tend to be glued to their mobile phones — no matter how exciting the competition is unfolding before their eyes — security professionals must also do everything in their power to secure those devices. This starts and ends with a flexible (yet robust) identity and access management (IAM) process.

Going for Data Security Gold

Data security is becoming increasingly critical in all business settings. If a data breach can grind operations to a halt in sectors like retail and health care, for instance, just imagine how an attack might impact high-profile sporting events. It’s not enough to simply implement security controls — they must also be integrated with computer security incident response team (CSIRT) processes.

By aligning traditional cyberdefense tools with robust, comprehensive incident response protocols, security teams can move from detection to response with a single click. This speed is crucial at high-profile sporting events, where new technology is everywhere, the threat surface is immeasurably large, and the vast majority of users are swept up in the excitement of the fierce competition on display. The security immune system approach gives the home team a significant advantage in the competition that matters most: the one between valiant cyberdefenders and nefarious threat actors looking to spoil everyone’s fun.

Watch the video: IBM and Wimbledon — Protecting the Oldest Brand in Tennis with Cognitive Security

More from Data Protection

Transitioning to Quantum-Safe Encryption

With their vast increase in computing power, quantum computers promise to revolutionize many fields. Artificial intelligence, medicine and space exploration all benefit from this technological leap — but that power is also a double-edged sword. The risk is that threat actors could abuse quantum computers to break the key cryptographic algorithms we depend upon for the safety of our digital world. This poses a threat to a wide range of critical areas. Fortunately, alternate cryptographic algorithms that are safe against…

How Do You Plan to Celebrate National Computer Security Day?

In October 2022, the world marked the 19th Cybersecurity Awareness Month. October might be over, but employers can still talk about awareness of digital threats. We all have another chance before then: National Computer Security Day. The History of National Computer Security Day The origins of National Computer Security Day trace back to 1988 and the Washington, D.C. chapter of the Association for Computing Machinery’s Special Interest Group on Security, Audit and Control. As noted by National Today, those in…

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…