Since we live in a digital world where data has surpassed the value of oil and became the most valuable resource in the world, we start to question our digital security. Data has become more accessible for hackers, which results in a constant increase of cyber-attacks over the years.
Most industries function digitally, so cyber-attacks are present everywhere, including sport organizations. It is safe to say that we still haven’t figured out a way to keep our data safe and even the smallest leaks can lead to billions of dollars lost, as we can see from the previous shut-off pipeline incident that happened in the US which was caused by a cyber-attack.
Hackers would usually target big organizations, try to infect their system with a virus, and then force them to pay (usually with cryptocurrency) for the encryption key. They would attempt to access confidential information, most especially boardroom-level data and threaten to leak it.
Instances of Cyber Threats in Sports
Sports organizations are also a part of this problem and around 70% of all sports organizations receive at least one cyber-attack per year. This number is significantly higher than the average business in the US or UK, and 30% of the incidents end up with direct financial damage, averaging around $13,000 per attack.
With such high numbers, we still don’t know why the sports industry is favorable to hackers. One theory could be the easiness of the procedure and the lack of cybersecurity options.
At this year’s National Cyber Security Centre, cyber threat to sports organizations was the main subject and topic of the event. With that said, they highlighted a couple of cyber threats that are most common in sport organizations, such as:
Business Email Compromise (BEC)
In order for a hacker to gain access to your company’s information, he or she needs a gateway to your database. In most scenarios, the hacker’s best route to corrupting your company’s data is through a local device that is already working under the same network.
The most common way of hackers gaining access to sport organizations is through official business email addresses, where they use to encrypt data, fraudulent payments, or steal information. BEC is the fastest-growing cybercrime trend due to its “low-cost high reward” making this method very attractive for cyber-criminals.
This method is also been facilitated by the increased popularity of SaaS (Software-as-a-Service) solutions, like Office 365, which offers access to an organization’s system with a valid username and password.
The only way for sports organizations to protect themselves from this cyber threat is through employee education and teaching them about how cyber-attacks work and what to avoid. Just because BEC attacks are becoming more advanced, it makes it hard for employees to know whether the mail they received is legitimate or a cyber-attack.
Ransomware
The second most common cyber-security threat is ransomware, which is a type of malware that prevents you from accessing your computer and all the data you’ve stored. This way hackers can hold devices and/or data hostage until the attacker’s demands are met. Hackers often demand payment in cryptocurrency and if a company decides to pay them they will send you the encryption key.
One of the most common ways for hackers to gain access to devices is through unpatched software. So, make sure that your sports organization has the latest version of the software (Mac, iOS, Windows, or other) on every device. This goes as well with the devices of key members of the organization like board members, administrators, and executives with access to classified information.
Additionally, most sports organizations don’t back up data, which makes the impact of a successful ransomware attack much greater.
Cyber-Enabled Fraud
This is another email attack method that works very effectively for hackers. They tend to use email spoofing, or in other words, forge a fake email sender address to convince the recipient that they are opening an email from a legitimate source. They directly target unsuspecting employees especially those that are not well-versed in technology like board members and advisors.
More than 30% of sports organizations experienced email spoofing, and unfortunately, very few implemented anti-spoofing controls that are recommended by the NSCS.
There are many anti-spoofing controls that you can install to make your organization safer, such as:
• Domain-keys identified mail
• Domain-based authentication
• Sender Policy Framework
• Reporting and conformance
How Sports Organizations Can Improve Cyber Security
Email Security
Since one of the most common ways for hackers to gain access to an organization’s network is through email, the main focus of every sports organization should be implementing email security measures.
First of all, every sports organization needs to have two-factor authentication on their emails, and anti-spoofing controls that we mentioned before. Additionally, the NSCS also suggests that organizations should reduce the password burden on staff by using other technical tools and password managers that will improve the security of their mail.
Staff Empowerment
Just because hackers’ main goal is to trick people into making mistakes, it is crucial that employees are educated about cybersecurity. The people working in the organization are the first line of defense and it is important to encourage them to report any suspicious activity they spot. This includes as well informing key personnel with who are handling classified information.
Raising staff awareness through training will significantly reduce the risk of cyber-attacks.
Cyber Risk Management
Sports organizations may benefit from a more holistic approach to risk management that looks beyond compliances (for example GDPR) just to ensure that all cyber risks are considered across the IT department.
Whilst compliance is very important, but more effort should be put into identifying and prioritizing security measures that will make every organization safer. All aspects of the organization must be protected, from the boardroom all the way to the individual departments.
Mitigate Cybersecurity Risks in Sports
Every organization that operates digitally runs with the risk of being a victim of a cyber-attack, and the sports industry is no different. Cyber-attacks are getting more frequent, which is why it is a good idea to start investing in IT and cybersecurity to make the organization safer.
Hacker attacks may result in huge financial damage, and organizations often start to notice this issue after experiencing an attack, which is often already too late.
With that said, there are many effective measures suggested by the NCSC that can make every organization safer, including the main teams in the NFL or NBA odds by The TwinSpires Edge.
Your goal should be to back up any valuable information that might increase the damage from ransomware and add a couple of layers of security that will push hackers away.
One good way to guarantee data security for your sports organization would be to utilize kinds of software that have high security standards and enterprise-grade encryption such as a board management software. Using a board software can help increase cybersecurity in your organization, especially at the boardroom level.
—
Convene is a board portal software with increased security features and ISO accredited certifications that helps protect confidential boardroom level data like financial reports and board packets from data leaks and hacking attempts. Convene allows board directors of organizations to securely access their documents and digitally meet with each other safely.
Request a demo to learn more on how Convene can keep your boardrooms safe.
Ahmed is a cybersecurity analyst at Convene. He is well-versed and has experience creating information security and contingency plans to protect against attacks. Ahmed also provides useful vulnerability and threat analysis, while recommending viable software solutions.
- Connect:
-
