Professional sports has a cybersecurity problem. Last year, the National Cyber Security Centre found that 70% of sports organizations experience at least one cyberattack per year. This is a considerable increase over general businesses, of which just 32% reported dealing with cyber incidents or harmful cyber activity.
Many factors are driving this trend. For starters, high-profile sporting events have grown increasingly digitized in recent years. Sports teams, major league and global sporting associations, and entertainment venues are home to valuable information, such as insights on athletic performance and each team's competitive advantages, as well as sensitive consumer data. And with the global sports market expected to reach $623.6 billion by 2027, threat actors are looking to capitalize on this information.
Furthermore, large-scale professional sports environments have numerous connected devices and interconnected networks. For example, when Microsoft helped deliver cybersecurity support for critical infrastructure facilities during a large global sporting event, we performed over 634.6 million authentications while helping protect more than 100,000 endpoints, 144,000 identities, and 14.6 million email flows.
High-profile sporting events come together quickly, so it’s important that security teams have clear visibility and control across their entire digital estates. This includes everything from attendees' personal devices to the team or venue's Web and social media presence, registration and ticketing platforms, mass notification systems, electronic signage, and more.
Keep reading to learn about the biggest cybersecurity risks facing professional sports teams and event venues and how you can help defend against them.
4 Key Cyber-Risks For Sports Venues
No two venues are alike, and security teams must weigh a variety of factors, such as the arena's physical location, event participants, and crowd size, to create an accurate cyber-risk profile. However, similarities can still be found among high-profile sporting events. Here are some of the common cyber-risks to pay attention to when securing large events and venues.
- Connected video boards and digital signage: Digital displays can represent an overlooked entry point to a venue's network. When working to create a proactive defense and planning ahead of large events, security teams should follow zero-trust principles by disabling unnecessary ports and ensuring frequent network scanning. Doing so allows teams to scan for rogue wireless access point updates and to patch software as needed. Additionally, teams should prioritize applications that offer an encryption layer for all data.
- Wi-Fi hotspots, mobile apps, and QR codes: Human error and individual attendee behavior can be one of the most unpredictable risks for security teams to mitigate. General cybersecurity education can go a long way in this regard. Start by encouraging event attendees to update their apps and personal devices with the latest software patches. Likewise, attendees should be reminded to avoid using public Wi-Fi to access sensitive personal information and to be cautious when interacting with unofficial links, attachments, and QR codes.
- Point-of-sale and other commerce systems: Anything dealing with financial information is a frequent target, so point-of-sale devices and commerce systems should be treated with extra caution. Not only should these devices be frequently patched and connected to their own separate network, but attendees should be reminded to limit their personal transactions only in areas that have officially been endorsed by the event host. Unsanctioned kiosks and ATMs are one avenue threat actors might use to try to steal personal financial data.
- Stadium access and infrastructure equipment: Finally, critical infrastructure is another major target for cybercriminals. Security teams can better secure stadium access and protect infrastructure equipment by developing logical network segmentations between IT and operational technology (OT) systems. This helps to limit cross access between devices and data, ultimately mitigating the potential impact in the event of a cyberattack.
Cyber threats for sporting events represent a unique challenge. These threats can be difficult to detect due to the fast-paced nature of professional sports and large-scale events. However, by sharing intel on the latest attack vectors and cybersecurity best practices, we can work to create a more secure digital landscape for sports fans and professionals alike.
Read more Partner Perspectives from Microsoft Security.