- Microsoft has unpacked the findings from its latest Cyber Signals report, focusing on how sporting events have become an attractive target for cyber attacks.
- The company used data from last year’s FIFA World Cup in Qatar to inform the report.
- The reason for sporting events being so attractive is the result of so many connected devices being in one environment.
This year there are a number of large-scale international sporting events, with some having recently taken place on South Africa’s shores. While this is great news for sports fans who may have been starved of action during the pandemic and lockdown, for cyber criminals these sporting events are proving to be a highly attractive target.
This is according to Microsoft, which unpacked the findings and insights of its most recent Cyber Signals report.
The company also had some unique insight into the matter, having served as cybersecurity support to critical infrastructure facilities during last year’s FIFA World Cup in Qatar.
Looking closer at the numbers for the World Cup, Microsoft noted that it analysed more than 634.4 million events while providing cybersecurity defences for facilities and organisations.
Microsoft found that the complexity, size, and sheer volume of connected devices that a large-scale event like the World Cup presents, poses increasingly difficult problems for those tasked with handling cybersecurity and privacy.
“Overall, the total number of entities and systems monitored twenty-four-seven with human-led threat hunting and response support encompassed more than 100,000 endpoints, 144,000 identities, 14.6 million plus e-mail flows, over 634.6 million authentications, and billions of network connections,” the company shares.
“Cybersecurity threats to large events and venues, especially those in increasingly connected environments, are diverse and complex, and require constant vigilance and collaboration among stakeholders to prevent and mitigate escalation,” highlights Colin Erasmus, COO at Microsoft South Africa.
Consequently, the IT systems at venues and arenas contain hundreds of known and unknown vulnerabilities that allow threat actors to target critical business services such as point-of-sale machines, IT infrastructures, and visitors’ smartphones.
“The huge swell of attendees and staff that bring data and information with them through their own devices increases the attack surface and can also be targeted through vulnerable event digital amenities, like companion mobile apps, wireless hotspots, and QR codes with malicious URLs,” he adds.
Moving forward, Microsoft urges organisers of sporting events to take extreme measures when it comes to identifying and safeguarding against cybersecurity threats. To that end, the vigilance that is shown towards preventing physical crime and theft should be paid to cyber ones too.
“To safeguard against cybersecurity threats, sports, associations, teams, and venues must adopt robust protective measures. As a first step they should prioritise the implementation of a comprehensive and multi-layered security framework. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to fortify the network against unauthorised access and data breaches. Regular security audits and vulnerability assessments should be conducted to identify and address any weaknesses within the network infrastructure,” advises Erasmus.
“It is essential to partner with reputable cybersecurity firms to continuously monitor network traffic, detect potential threats in real time, and respond swiftly to any security incidents. Knowing safe practices can help enterprises and attendees sidestep becoming victims of data theft or social engineering attacks,” he concludes.
To read the findings from the latest Cyber Signals report, head here.
[Image – Photo by Mario Klassen on Unsplash]
