Game on- Cybersecurity for Sports and Entertainment:  Are you ready with the right offense and defense?

August 11, 2021 | Bindu Sundaresan

A billion-dollar industry at the prime of digital transformation

As operations at sports stadiums become more dependent on data centers and online networks, and as the performance metrics and health data of athletes become more vulnerable to illicit exposure or alteration, the $80 billion industry of competitive sports has become increasingly vulnerable to cyberattacks. As a business they are generating big money and big data, both of which are perfect for hackers.

World-renowned events taunt hackers to disrupt and deface critical services, while the thousands of fans in attendance are a veritable pot of money for those looking to extort online. The sports industry is an attractive target, and they need to up their game against malicious actors looking to make a home run with data, money, brand, and reputation from sport's big hitters.

Sports - Attack highlights

Web applications attacks and denial of service attacks are a higher bits-per-second volume in the sports industry, with social engineering attacks prominent in their occurrence. Attackers prey on the audience's mindset at these sports events where an individual watching sports have their guard down and rarely questions the authenticity of emails or web pages.  Social engineering focuses on one element; get someone to do something they would not normally do. With the elevated risks being introduced between virtual communication and sporting events, individuals should be taking security incredibly seriously.

Crisis fuels cybercrime and security Implications for the sports vertical

Mass remote working: In this vertical, the trend to work remotely, be highly collaborative, and often from personal devices is the norm. The trend is even more pronounced today, with many more employees working from home, and security can suffer as a result. Content in the sports and entertainment industry is as high-profile as it gets. Therefore, it presents an attractive target to cybercriminals and hacktivists keen to monetize it or accrue notoriety by leaking it.

Social media is critical in helping talent engage with fans and brands build communities to drive marketing campaigns. But this also exposes them to account hijacking, which could severely damage the reputation of companies and entertainment stars. Digital assets such as streaming portals, ticketing sites, and internal applications increase in the sector, offering many more avenues of attack for cybercriminals well-versed in targeting hidden vulnerabilities.

Foundational security plan for sports organizations

  • Security awareness training is vital to help reduce the impact of phishing, improve password security and minimize the risks associated with using public Wi-Fi. Multi-factor authentication (MFA) will further help secure employee and talent accounts, both internal ones and across social media or public-facing platforms. Least privilege access policies ensure that individuals can only access what they need to do their jobs and no more, closing off more avenues of attack. Endpoint security is required to keep at-home or remote workers protected. Regular pen testing and patching any discovered vulnerabilities, especially those in web applications, will further reduce the attack surface. Relevant enterprise security controls are required across the network, hybrid cloud server, endpoint, and email or web gateways.
  • Identifying vulnerabilities enables the organization to patch weaknesses before a hacker has a chance to exploit them.  Penetration test results may help drive your security budget and prioritize spending. It, therefore, shouldn’t be a surprise that penetration testing is the best practice for a reason. It’s time to stop putting it off and start thinking about the future of your business. With hacking and other cybercrime on the rise, all businesses must take cybersecurity seriously. Protecting systems, networks, and devices are essential in the race against cybercrime on businesses.
  • Sports organizations that don’t have a dedicated IT team can also benefit from managed cybersecurity solutions, whether to assess your vulnerabilities, prevent and protect your business from attacks, or detect and respond to them. Investing in these expert services can provide peace of mind and minimize your operations, data, and technology infrastructure risks. They also free up your workforce to focus on core responsibilities.
  • Given the headlines of ransomware in the news, your best defense against ransomware is a complete incident response plan. To say that ransomware causes technical difficulties is an understatement. Without the proper preparation, an attack can bring your business to a grinding halt and put your critical information at risk. Fortunately, ransomware attacks are both avoidable and containable by following fundamental security and disaster recovery best practices outlined above.

sports and entertainment cybersecurity

Digital transformation and reliance on technology

Sports organizations rely on technology, with most of them investing in websites, multiple social media accounts, email access, cloud-based servers, online bank accounts and databases, and digital technology to modernize their offerings.  The key cyberattacks that sports organizations are warned to protect themselves against are business email compromise phishing attacks, fraud, and ransomware campaigns being used to shut down critical event systems and stadiums – a quarter of malware attacks targeting sports organizations are said to have involved ransomware.  

Cybersecurity is a crucial consideration for nearly every business and organization. In recent years, teams and leagues, even individual athletes, have become affected by the changing threat landscape. The motives behind cyberattacks on sports organizations vary widely, ranging from industrial espionage and sabotage to simple identity theft. Teams and sports leaders recognize that these threats increasingly target them, and they are taking steps to beef up their defenses and protect themselves.

The goal for securing the sports industry is all about providing a Trusted Customer Experience, Operational Excellence, Digital Transformation, Digital Resilience. Cybersecurity is a team sport. Do you have the right players and techniques?

Bindu Sundaresan

About the Author: Bindu Sundaresan

Director, AT&T Cybersecurity. Bindu Sundaresan is currently responsible for growing the security consulting competencies and integration with the AT&T Services and Product Offerings. Bindu is a security SME (subject matter expert) with the judgment and experience to right-size and customize information security solutions that both accommodate and enable business growth. She has worked to establish enterprise vision, strategies, and programs for Fortune 50 companies to ensure the confidentiality, integrity, and availability of information assets – thus protecting and enhancing multimillion/billion-dollar revenue streams.

Read more posts from Bindu Sundaresan ›

‹ BACK TO ALL BLOGS

Get price Free trial