Today we released the fifth edition of Cyber Signals, spotlighting threats to large venues, and sporting and entertainment events, based on our learnings and telemetry from delivering cybersecurity support to critical infrastructure facilities during the State of Qatar’s hosting of the FIFA World Cup 2022™.
Cybersecurity threats to large events and venues are diverse and complex. They require constant vigilance and collaboration among stakeholders to prevent and mitigate escalation. With the global sports market valued at more than USD600 billion, sports teams, major league and global sporting associations, and attendees house a trove of valuable information desirable to cyber criminals.1
Unfortunately, this information is made increasingly vulnerable by the growing number of connected venues, and with the number of devices and interconnected networks in these environments, sports teams as well as major league and global sporting associations and attendees house a trove of valuable information desirable to cybercriminals.
Venue IT systems and arenas contain hundreds of known and unknown vulnerabilities that allow threat actors to target critical business services such as point of sale, IT infrastructures, and visitor devices. Teams, coaches, and athletes themselves are also vulnerable to data loss on athletic performance, competitive advantage, and personal information. Attendee personal identifiable information can also be targeted through vulnerable event digital amenities, like companion mobile apps, wireless hotspots, and QR codes with malicious URLs.
The fifth edition of Cyber Signals looks at threats to large venues, and sporting and entertainment events.
Microsoft Defender Experts for Hunting developed comprehensive cybersecurity defenses for Qatari facilities and organizations supporting the soccer tournament. Defender Experts for Hunting conducted an initial risk assessment, factoring in threat actor profiles, adversary tactics, techniques, and procedures, and other global intelligence from our telemetry. We ultimately analyzed more than 634.4 million events while providing cybersecurity defenses for Qatari facilities and organizations throughout November and December of 2022.
With sporting and entertainment events at large, there is a level of cyber risk and vulnerability that does not exist in other environments. Because some of these events come together quickly, often with new partners and vendors acquiring access to enterprise networks that are perceived as temporary, they are often not designed for evaluation and ongoing refinement of the security posture.
In addition to the pre-planning required to support this unique security apparatus, venues consider the privacy risk associated with temporary, ad-hoc, and permanent cyber infrastructure. That means understanding and acknowledging if configurations needed to support the event potentially add additional risk or vulnerability.
To safeguard against cybersecurity threats, sports, associations, teams, and venues must adopt robust protective measures. First and foremost, they should prioritize the implementation of a comprehensive and multilayered security framework. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to fortify the network against unauthorized access and data breaches. Regular security audits and vulnerability assessments should be conducted to identify and address any weaknesses within the network infrastructure.
Furthermore, user awareness and training programs are crucial to educating employees and stakeholders about cybersecurity best practices, such as recognizing phishing emails, using multifactor authentication or passwordless protection, and avoiding suspicious links or downloads. Additionally, it is essential to partner with reputable cybersecurity firms to continuously monitor network traffic, detect potential threats in real time, and respond swiftly to any security incidents. By adopting these proactive measures, sports associations, teams, and venues can significantly enhance their resilience against cyberattacks and protect both their own infrastructure and the sensitive information of their patrons.
Learn more in this fifth edition of Cyber Signals.
Learn more about Microsoft Defender Experts for Hunting.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest news and updates on cybersecurity.
1Global Sports Market Forecast to 2032: Sector is Expected to Reach $623.63 Billion in 2027 at a CAGR of 5%, Globe Newswire. May 3, 2023.
The post Cyber Signals: Sporting events and venues draw cyberthreats at increasing rates appeared first on Microsoft Security Blog.
Source: Microsoft Security