Leading cybersecurity researchers including Microsoft, the UK’s National Cyber Security Centre (NCSC), and GlobalData have warned that sport will become an increasingly common target for cyberattacks.
Recent research by GlobalData forecasts that cybersecurity revenues will reach $344 billion worldwide by 2030. GlobalData’s ‘Cybersecurity in Sport (2023)’ report also names IBM, Planatir, Forcepoint, Thales, and Broadcom as some of the thematic leaders in the cybersecurity space, which sports clubs and franchises are repeatedly calling on amid a slew of high-profile hacks on major organizations.
Tech giant Microsoft, which ran cybersecurity for the 2022 FIFA World Cup in Qatar, says there are several factors making sport more vulnerable to “widespread or opportunistic” cyberattacks in a report released in August.
The global sports market is already valued at more than $600bn. As the amount of money pumped into the sporting world grows larger by the year, cyberattacks in the industry are lucrative and attract major media attention – ticking both boxes for hackers.
Meanwhile, additional research points to a rising trend of cyberattacks, and, in response, cybersecurity. A report from the NCSC in 2020 found that 70% of sports organizations experience at least one attack per year, which represents more than double the average for UK businesses.
Ransomware hacks on the Houston Rockets and Manchester United
The NBA’s Houston Rockets were subjected to a ransomware attack in April 2021. While the Rockets stated during the investigation that there were no signs to indicate that any sensitive data had been stolen, hacker group Babuk claimed on its dark web page that it had extracted 500GB of data belonging to the team, including financial data, non-disclosure agreements, and contracts.
Babuk said that the data would not be returned until a significant ransom was paid and threatened to leak it all publicly. The Rockets later stated that they would notify anyone whose personal data might have been affected, but there were no further developments on the story, indicating that it was likely a bluff on the part of the group.
Across the Atlantic, English soccer giants Manchester United had been hit with a similar ransomware attack in November 2020.
The club website and app, however, did not suffer any technical issues. There were also no reported breaches of members’ or fans’ personal data, likely due to Manchester United keeping a safe backup of all its files on a cloud system, which significantly decreases a hacker’s leverage should they obtain confidential information.
While these efforts were unsuccessful, ransomware attacks have often been considered the most dangerous and devastating kind of cyber-crime. In 2021, the EU Agency for Cybersecurity went as far as to label the current decade as the “golden era of ransomware”.
The Russian example
EU involvement illustrates the geopolitical side to cybersecurity – above all in sports, one of the most geopolitically charged arenas in which global powers enact rivalries.
Back in 2018, the Russian state-sponsored hacking group, Fancy Bear, began a campaign to discredit and disrupt the 2018 South Korea Winter Olympics. The group released dozens of emails claiming to be stolen from anti-doping officials working for the IOC, the US Olympic Committee, and other third-party groups.
This email leak took place just three weeks after Russia was officially banned from the games, following the uncovering of a massive state-sponsored doping program among Russian Olympic athletes. The aim was to discredit the investigation and make the IOC’s motivation of banning Russia into a political statement. `
Conclusive evidence of Russian doping offenses and Russia’s previous history of attempting to sway public narratives through hacking meant that most Olympic officials entirely ignored the fabricated campaign.
With the value of the global sports industry only projected to rise, and geopolitical pressures on sport expected to heighten, leading companies are ramping up cybersecurity efforts in line with expert advice.
