Sports organisations urged to implement cyber security measures to prevent cyber criminals cashing in on lucrative industry. NCSC’s first analysis of threats to the sports industry finds at least 70% of institutions suffer a cyber incident in just 12 months …. Reports London Daily Newsdesk
THE sports sector has been urged to tighten its cyber security after experts revealed a range of attacks by hackers including an attempt to sabotage a Premier League transfer deal.
The National Cyber Security Centre’s first ever report on threats to the sports industry has revealed it to be a high-value target – at least 70% of major sports organisations suffer a cyber incident every 12 months, more than double the average for UK businesses.
One incident revealed in the Cyber Threat to Sports Organisations report involved the emails of a Premier League club’s managing director being hacked before a transfer negotiation. As a result, the £1m fee almost fell into the hands of cyber criminals.
Other incidents included an attack which brought the turnstiles of a football club to a standstill and almost led to the cancellation of a match, while a member of staff at a racecourse lost £15,000 in a scam involving the spoofing of eBay.
As the sports sector recovers from the impact of the coronavirus pandemic and continues to plan for the future, the NCSC is urging organisations to consider the findings of its report and follow its advice, such as putting in place security controls – often at low cost – and backing up data.
“Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar,” said Paul Chichester, Director of Operations at the NCSC. “While cyber security might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cyber criminals cashing in on this industry is very real.
“I would urge sporting bodies to use this time to look at where they can improve their cyber security – doing so now will help protect them and millions of fans from the consequences of cyber crime.”
“Improving cyber security across the sports sector is critical. The British Olympic Association sees this report as a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisations should take to improve cyber security practices,” said Sir Hugh Robertson, Chair of the British Olympic Association.
“The issue of cyber security is one all sports, including Rugby League, take seriously. As we grow our digital capabilities and online platforms, protecting the governing body, our members, customers and stakeholders is paramount,” said Tony Sutton, Chief Operating Officer at Rugby Football League. “We welcome the NCSC Report and the guidance it offers the sports sector.”
“The UK boasts a world-beating sport sector and I am pleased the NCSC is supporting the industry to protect customers and minimise online risks through our National Cyber Security Strategy,” said Digital and Sport Secretary Oliver Dowden.
The cyber incidents highlighted in the report include:
During a transfer negotiation with an overseas football team the email address of the managing director of a Premier League club was hacked by cyber criminals. Only a late intervention from the bank prevented the club losing almost £1 million.
An employee at an organisation which holds athlete performance data had their email address compromised, allowing the hackers access to sensitive information over several months.
An English Football League (EFL) club suffered a significant ransomware attack which crippled their corporate and security systems. As a result of the attack the CCTV and turnstiles at the ground were unable to operate, almost leading to a fixture cancellation.
A member of staff at a UK racecourse identified an item of groundskeeping equipment for sale on eBay, and agreed to a price of £15,000. The sale turned out to be fraudulent – a spoofed version of eBay had been created and the staff member was unable to recover the funds.
In the report, the NCSC has identified three common tactics that criminals use against the sector on a daily basis: business email compromise (BEC), cyber-enabled fraud, and ransomware being used to shut down critical event systems and stadiums.
Amongst the findings – which have been published on the NCSC website – were:
Approximately 30% of incidents caused direct financial damage, averaging £10,000 each time; the biggest single loss was over £4 million.
Over 70% of those surveyed have experienced one cyber incident or breach in the past year – 30% have recorded over 5 incidents during the same period.
Over 80% have online business systems – such as ticketing – which process thousands of financial transactions.
Approximately 40% of attacks on sports organisations involved malware. A quarter of these involved ransomware.