Blocked turnstiles, hacked transfer deals and fraudulent kit sales among cyber incidents against the sports sector according to the UK official National Cyber Security Centre (NCSC). The Centre’s first report on threats to the sports industry has shown it to be a high-value target with at least 70% of institutions suffer a cyber incident every 12 months, more than double the average for UK businesses.
A recent incident that brought attention to this huge problem was when an English Premier League club manager had their systems hacked during transfer negotiations. This almost resulted in the £1M fee falling into the hands of cyber criminals. The Managing Director reportedly clicked on a spearphishing email and was diverted to a spoofed Office 365 login page where he entered all his account details giving the cyber criminals access to his genuine account.
Earlier in the year an English Football League (EFL) club suffered a significant ransomware attack that crippled the clubs corporate and security systems. The attack resulted in the clubs' CCTV and turnstiles being unable to operate nearly resulting in the fixture having to be canceled. To this day it is unknown how the cyber criminals gained control of these systems however it was most likely through phishing emails or remote access to the CCTV. The cost of fixing the damages caused by this attack was over £100,000. This attack could have been avoided however the club did not have an emergency response plan and had not conducted response exercises, and the clubs cyber security investment was low. In the aftermath of this attack the club recruited a new IT manager.
This doesn't just effect football clubs either, in a separate case, a member of staff at a UK racecourse identified an item of grounds keeping equipment for sale on eBay, and agreed to a price of £15,000. The sale turned out to be fraudulent, a spoofed version of eBay had been created and the staff member was unable to recover the funds.
Paul Chichester, Director of Operations at the NCSC, said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar.While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real. I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”
To avoid your organization falling victim to cyber attacks get in touch today for cyber security advice at Social@ADNSgroup.com