A Whole New Ballgame: Applying the Immune System Approach to Sporting Event Cybersecurity

High-profile sporting events present an attractive target for cybercriminals and hacktivists. The fact that a significant security incident has yet to occur at a sporting event doesn’t mean cybercriminals aren’t chomping at the bit.

Just do a little digging — you’ll find a rash of campaigns and con artists seeking to exploit the publicity surrounding these events to commit crimes in both the real world and (increasingly) online.

Sporting event cybersecurity can affect athletes, spectators and everyone in between, including stadium staff members and medical personnel. From infecting high-profile websites with malicious code to dangling noteworthy games and matches as bait in phishing campaigns, criminals use these events as just another means to steal money and data from unsuspecting individuals and organizations.

Threat actors often take time to study and plan new attack approaches while security analysts hunt for new vulnerabilities and cybercriminal tactics during sporting events. Meanwhile, attackers exchange tactics, techniques and procedures in underground marketplaces on the darknet.

It can be challenging to build a realistic environment to test changes and simulate potential attacks. While creating a prototype is often possible for industrial control systems (ICSs), the gap between what is real and what is simulated makes it difficult to build prototypes for sporting event infrastructures. However, organizations must still prepare to respond to incidents targeting high-profile competitions.

A New Frontier for Sporting Event Cybersecurity

Sporting events can involve tens of thousands of people, including athletes, staff, security personnel, referees and more. Many of these staff members and competitors will require user IDs for key systems that are associated with multiple roles — all of which require immediate authentication. In the fast-paced world of sports, delays are not an option.

New technologies deployed at sporting events, such as video assistant referees (VARs), goal tracking, performance monitoring, mobile apps, live streaming and virtual and augmented reality, also present new threat vectors. Some of these technologies can directly impact the results of a game and even facilitate match-fixing issues.

Given the vast quantities of sensitive data generated at sporting events, such as athletes’ medical records, and the multiple parties accessing this information for legitimate purposes, security professionals face a tough challenge to protect data privacy. A data breach could put the entire competition in jeopardy — not to mention the reputational, financial and regulatory consequences that could befall the event organizers.

Since it’s also virtually impossible to secure all mobile devices present at sporting events (let alone educate all attendees on security best practices), spectators, athletes and staff members alike are at a higher risk of social engineering and phishing attacks. Furthermore, noteworthy events may host celebrities, high-ranking executives and other juicy targets for business email compromise (BEC) campaigns.

Most importantly, everything happens in real time at sporting events. As with industrial systems, once a cyberthreat hits a sporting competition, there is no time for security personnel to recover. The damage has already been done, especially if the incident interrupts the game or match at hand.

Clearing Sporting Event Cybersecurity Hurdles

Despite these challenges, security professionals can use modern TTPs to take meaningful steps toward improving sporting event cybersecurity. After all, there is no perfect crime in today’s hyperconnected world. No matter how meticulous they are in their nefarious schemes, the perpetrators always leave a trail. To locate the needles within massive haystacks of structured and unstructured information, analysts must integrate their controls into a cohesive security immune system powered by cognitive technology.

Security teams can start this process by identifying what data and tools reside in the cloud. While high-ranking business leaders often decide what is stored in the cloud and what resides on-premises, security professionals need visibility into this breakdown to properly inform the security information and event management (SIEM) solution, which is central to the security immune system.

It’s also crucial to consider security issues surrounding Wi-Fi networks. Analysts should plan for logical and physical segmentation focused on detection and prevention, respectively. Since event attendees tend to be glued to their mobile phones — no matter how exciting the competition is unfolding before their eyes — security professionals must also do everything in their power to secure those devices. This starts and ends with a flexible (yet robust) identity and access management (IAM) process.

Going for Data Security Gold

Data security is becoming increasingly critical in all business settings. If a data breach can grind operations to a halt in sectors like retail and health care, for instance, just imagine how an attack might impact high-profile sporting events. It’s not enough to simply implement security controls — they must also be integrated with computer security incident response team (CSIRT) processes.

By aligning traditional cyberdefense tools with robust, comprehensive incident response protocols, security teams can move from detection to response with a single click. This speed is crucial at high-profile sporting events, where new technology is everywhere, the threat surface is immeasurably large, and the vast majority of users are swept up in the excitement of the fierce competition on display. The security immune system approach gives the home team a significant advantage in the competition that matters most: the one between valiant cyberdefenders and nefarious threat actors looking to spoil everyone’s fun.

Watch the video: IBM and Wimbledon — Protecting the Oldest Brand in Tennis with Cognitive Security

Domenico Raguseo

Technical Sales and Solutions Leader in Europe, IBM Security

Domenico Raguseo is currently Manager of Technical Sales in Europe for the Security Systems Division. He has over 15...