SINGAPORE – Media OutReach – August 4, 2023 – Today Microsoft released the
fifth edition of Cyber Signalshighlighting threats to major venues, sporting and entertainment events, based on lessons learned and telemetry from the provision of cybersecurity support to critical infrastructure during the organization by the Qatar State of the 2022 FIFA World Cup™.
Cybersecurity threats for large events and venues are diverse and complex. They require constant vigilance and collaboration among stakeholders to prevent and mitigate escalation. With a global sports market valued at over $600 billion, sports teams as well as major leagues and global sports associations, and participants harbor a wealth of valuable information desirable to cybercriminals.
Unfortunately, this information is made increasingly vulnerable by the increasing number of connected sites and the number of interconnected devices and networks in these environments, sports teams as well as major leagues and global sports associations and participants, harbor a wealth of valuable information desirable for cybercriminals. .
The sites’ IT systems and arenas contain hundreds of known and unknown vulnerabilities that allow threat actors to target critical business services such as point-of-sale, IT infrastructure and visitor devices. Teams, coaches and athletes themselves are also vulnerable to the loss of sports performance data, competitive advantage and personal information. Personally identifiable attendee information may also be targeted through vulnerable digital event equipment, such as companion mobile apps, Wi-Fi hotspots, and QR codes with malicious URLs.
Microsoft Defender for Hunting Experts (DEX) has developed comprehensive cybersecurity defenses for Qatari facilities and organizations supporting the football tournament. DEX conducted an initial risk assessment, taking into account threat actor profiles, adversary tactics, techniques and procedures, and other aggregate information from Microsoft telemetry. It ultimately analyzed over 634.4 million events while providing cybersecurity defenses to Qatari facilities and organizations in November and December 2022.
With sporting and entertainment events in general, there is a level of cyber risk and vulnerability that does not exist in other environments. Because some of these events happen quickly, often with new partners and vendors accessing corporate networks perceived as temporary, they are often not designed for ongoing security posture assessment and improvement.
In addition to the advance planning required to support this unique security apparatus, sites consider the privacy risk associated with temporary, ad hoc, and permanent cyberinfrastructure. This means understanding and recognizing if the configurations needed to support the event potentially add additional risk or vulnerability.
To guard against cybersecurity threats, sports, associations, teams, and venues must adopt robust safeguards. Above all, they should prioritize the implementation of a comprehensive, multi-layered security framework. This includes deploying firewalls, intrusion detection and prevention systems, and strong encryption protocols to harden the network against unauthorized access and data breaches. Regular security audits and vulnerability assessments should be performed to identify and correct any weaknesses within the network infrastructure.
Additionally, user awareness and training programs are essential to educate employees and stakeholders on cybersecurity best practices, such as recognizing phishing emails, using multi-factor authentication or passwordless protection, and prevention of suspicious links or downloads. Additionally, it is essential to partner with reputable cybersecurity companies to continuously monitor network traffic, detect potential threats in real time, and respond quickly to any security incidents. By adopting these proactive measures, sports associations, teams and venues can significantly improve their resilience against cyberattacks and protect both their own infrastructure and their customers’ sensitive information.
Learn more in this fifth edition of
Cybersignals.
To learn more about Microsoft security solutions, visit
website. Bookmark the
Safety Blog to track Microsoft’s security expertise. Also follow Microsoft on LinkedIn (Microsoft Security) and Twitter (@MSFTSecurity) for the latest cybersecurity news and updates.
Hashtag: #MicrosoftSingapore
The issuer is solely responsible for the content of this announcement.
