If you live in South Africa, you’re probably aware that the Rugby World Cup kicks off in Japan today (20th September), with the global sporting event said to be the most tech-enabled to date. While many will be focusing on the action happening on the field, the growing issue of cybersecurity will also come to the fore.
That’s not to say that organisers have planned any cybersecurity-focused initiatives per se, but rather that global sports events like the Rugby World Cup provided numerous opportunities for cybercriminals to strike.
This according to Simon McCullough, major channel account manager at F5 Networks.
For the fans
“In 2015, there were over 270 million social media video views, 2,8 million official app downloads, and the #RWC2015 hashtag appeared twice a second. Expect records to tumble again this year as cybercriminals get match fit to breach the security defences of organisers, sponsors and fans alike,” he explains.
“With so much excitement in the air, fans may not be paying attention to some of the online red flags. This could pose a problem for businesses. How many employees will place an unsecure bet? How many will attempt to win tickets from a fraudulent website using BYOD or an office-supplied device?,” ponders the F5 exec.
With that in mind, McCullough has listed a few tips for those attending this year’s Rugby World Cup, and other large-scale events, so as not to fall victims to cybercrime.
Hi advice includes:
- Limit public WiFi use or use a private network or virtual private network (VPN) with data encryption capabilities.
- Ensure devices have the latest operating system and patches installed.
- Question messages with links or attachments – a trusted brand wouldn’t immediately ask for personal data or financial information.
- Use trusted websites with the HTTPS prefix and avoid search engine-assisted ecommerce Spelling mistakes and design flaws are obvious warning signs, but they are getting harder to spot.
- Only download apps from trusted sources.
For the enterprises
McCullough also has some advice for enterprises too.
Here he points to the Internet of Things (IoT) as a major threat during sporting events, with thingbots in particular posing a cybersecurity threat. These embedded bots, which are often used by hackers to infiltrate a device connected to a large IoT-esque system.
The channel account manager highlights what the F5 Labs team advocates for in these sorts of environments.
“To combat the thingbot threat, F5 Labs recommend tackling their most damaging offensive moves first,” he notes.
“For DDoS attacks, that means a cloud scrubbing provider is the way to go. Next up are application attacks, which require specialised application firewalls with behaviour-based bot detection and traffic inspection,” McCullough adds.
Some other avenues that enterprises should consider safeguarding against when it comes to IoT are:
- Disabling remote management. Restrict operations to a management network, or place behind a firewall. Leverage NAT at a minimum if the devices will be used in a residence.
- Changing vendor default credentials and disabling the default admin account.
- Continually updating devices with the latest firmware as it is released.
Watch it develop
Whatever happens on the field, it looks like the way in which cybersecurity is handled off it, could prove equally intriguing, according to McCullough.
“Whatever happens at the rugby world cup, it will be intriguing to monitor cybercriminal activity in the coming weeks. By all accounts, Japan is well prepared, and the tournament could even yield the protective blueprint for future events of this scale,” McCullough points out.
“Dropping the ball is certainly not an option – especially with the 2020 Tokyo Olympics also on the horizon,” he concludes.
[Image – Rugby World Cup Twitter]