Research from the U.K.’s National Cyber Security Centre (NCSC) indicates that the cyber threat to the sports sector is significant. The report finds that the primary cyber threat comes from cyber criminals with a financial motive. Criminal attacks typically take advantage of poor implementation of technical controls and normal human traits such as trust and ineffective password policies.
The NCSC’s report on cyber threats to sports organisations highlights the growing email scams these entities face, and that 70 percent have experienced an incident or cyber breach. The report identifies a small number of hostile nation-state attacks against sports organisations; typically, these attacks have exploited the same vulnerabilities used by criminals. However, the majority of attacks are coming from non-aligned hacker groups.
The study finds that the most common outcome of cyberattacks is unauthorised access to email accounts (what is referred to as Business Email Compromise) leading to fraud. In terms of the form of attack, ransomware appears to be a significant issue in the sector.
Looking into the issue for Digital Journal is Ed Macnair, CEO of Censornet.
The analyst explains why Business Email Compromise (BEC) is the biggest cyber threat to sports organisations: “What makes BEC so effective is how the ‘real’ looking emails play on every human desire to please a high ranking executive effectively leaving them open to compromise. Traditional pattern matching technologies usually used to catch spam are also useless against this technique – making them so difficult to stop.”
Macnair adds: “The report shows that it’s not just BEC that needs to be watched out for. Spear phishing attacks against Office 365 users are also wreaking havoc. With the software so widely used, malicious links redirecting to spoofed Office 365 accounts is an easy way for criminals to steal credentials.”
In terms of the consequences of these threats, Macnair finds: “With approximately 30 percent of these incidents causing direct financial damage, averaging £10,000 ($12,000) per incident, sports organisations need to adopt email security that combines content analysis, threat intelligence and executive name checking to efficiently protect themselves. Additionally, multi-factor authentication can help to protect compromised user accounts from being used for account takeover and other business email compromise scams.”
