By: Mark Sheldon Villanueva on April 11th, 2022
How Sports Organizations Can Prevent Falling Victim to Cyber-Attacks
With an increasing reliance on IT, many large sports organizations are at a higher risk for cyber threats. What’s worse is that hackers are targeting not only the organizations but also the fans who follow them. That includes you and me.
The consequences of an attack are dire. Financial information and other sensitive data belonging to athletes, organizations, and their fans are at risk. Whether it’s the NFL, NBA, MLB, or other popular sports enterprises, no one is safe. The only way to stop attacks is for sports organizations to start practicing better cyber hygiene.
At ITS, we’ve helped organizations both large and small bolster their cybersecurity. In this article, we’ll dive deeper into the matter of IT security attacks on sports organizations and how to defend against them.
Common Cyber-Attacks on Sports Organizations and How to Protect Against Them
Check out some of the most common cyber-attacks experienced by sports organizations and how to protect against them.
Weak Passwords
One major headache for IT professionals is the fact that people are still using easily guessed passwords. According to the Verizon Business 2020 Data Breach Investigations Report, 89% of web application breaches were attributed to weak passwords. That’s because they are easy to crack.
A hacker can use sophisticated password cracking programs where a computer attempts to use every possible password until it succeeds. Or they can do it manually. These are called brute-force attacks. Once in, the hacker can access confidential data that they can sell on the Dark Web.
How to Protect Against Weak Passwords:
Enforce a strict organization-wide password policy. Ensuring that everyone in your organization uses complex passwords made up of uppercase and lowercase letters, symbols, and numbers can thwart a large chunk of brute-force attacks.
Enabling multi-factor authentication (MFA) can also help prevent these attacks. It adds an extra layer of security that can deter cybercriminals from getting into an account even if they’ve stolen your credentials.
Malicious Insiders
When Sig Mejdal turned over his laptop to the St. Louis Cardinals after accepting a job at the Houston Astros, he inadvertently gave the Cardinals’ scouting director Chris Correa access to his new boss’ deepest secrets.
Correa successfully used Mejdal’s password information to access Houston’s “Ground Control” database. He logged into the database 50 times between 2013 and 2014 to look for scouting assessments, player trade information, and other confidential data. Correa was punished for his theft, lost his job, and got 46 months in prison along with a fine of $280,000.
How to Protect Against Malicious Insiders:
Managed detection and response (MDR) can help detect insider threats and bad actors. It monitors user activity, flagging abnormal behavior and showing who is trying to access sensitive data.
Another way to defend against malicious insiders is by deploying an identity and access management (IAM) system. That allows IT managers to control user access to critical information within their organizations.
Phishing
In 2016, cybercriminals impersonated Milwaukee Bucks president Peter Feigin in a phishing email requesting players’ and staff’s W-2 records. The email recipient thought this was a legitimate request and provided the records. The documents included tax records, Social Security numbers, and financial data like compensation packages for players.
No one at the Bucks’ headquarters knew this had happened until weeks later. By then the hacker had time to use the information in other schemes. Phishing attacks like the one detailed here can result in the large-scale theft of sensitive data that can be used to commit other crimes like filing fraudulent tax returns.
How to Protect Against Phishing:
Phishing attacks are still one of the most common causes of data breaches. There’s a reason for that. Hackers are very good at social engineering, which can lure people into giving up their critical data. If you do find out that you’ve fallen victim to a phishing scam, make sure to inform your IT admins immediately. Time is vital to prevent further damage to your organization.
You can get software with built-in phishing filters. However, they won’t work all the time. The best way to prevent becoming a victim is by educating yourself and everyone in your organization via regular cybersecurity awareness training. Inform members of your organization about safe email practices and how to spot phishing schemes.
Malware Infections
In 2007, hackers found vulnerabilities in the Miami Dolphins’ websites. The site received a lot of traffic in anticipation of the 2007 Super Bowl that the Dolphins were playing in. The cybercriminals infected the websites with malware and executed attacks on the computers of the fans who visited them.
Believe it or not, this case isn’t unusual. Websites related to the Super Bowl are popular hunting grounds for hackers who want to spread malware that cripples IT infrastructures and holds data hostage for payments.
How to Protect Against Malware Infections:
There are various ways malware can get into your network. Unfortunately, there’s no single solution to protect against them. However, you can build up multiple layers of security such as antivirus, endpoint detection and response (EDR), firewalls, and virtual private networks. Or you can enlist the help of a managed service provider (MSP) offering managed cybersecurity services for a more holistic solution.
Social Media Account Hacks
The NFL’s official Twitter account was hacked in 2016. The hacker then pulled a prank by posting a Tweet saying: “We regret to inform our fans that our commissioner, Roger Goodell, has passed away.” That, of course, wasn’t true. To date, the “joker” hasn’t been found.
While the incident may not have caused serious consequences, aside from confusion, it could have been much worse. The hacker could have posted a malicious link on the page, which could steal people’s data or install malware.
How to Protect Against Social Media Account Hacks:
Treat your organization’s social media accounts as something that requires the same level of security as your other online assets. Enforce MFA and a strict password policy for social media accounts to add an extra layer of protection.
Ready to Protect Your Sports Organization from Cyber-Attacks?
If you want to defend your organization from threats, you need to build multiple layers of security, paired with strict policies and managed by the right team. Doing so can help prevent similar outcomes to those described throughout this article.
At ITS, we help organizations protect their networks with a proactive and multi-layered approach. If you want to learn more, check out our video on the 15 ways to protect your business from a cyber attack.