
Learnings for the sports industry



Cybersecurity experts offer advice to teams and leagues looking to best protect themselves against the growing threat of data breaches.


Sports entities run on data, from the field, where performance is monitored, to the mobile device, where fan information fuels personalized experiences. To ensure that data is secure, teams and leagues must invest not only in methods of collecting and activating data but also in protecting it.

AT&T’s recent breach of social security numbers and passcodes from 73 million former or existing customers may impact a separate industry. But it is also a cautionary tale that presents universal learnings.

Pete Nicoletti, Global CISO of the Americas for cybersecurity firm Check Point Software Technologies – which works with several teams, including the Denver Broncos – flagged the dynamic of AT&T’s breach possibly falling at the feet of a third party as particularly noteworthy (the telecom giant said in a statement that it does not yet know if the data “originated from AT&T or one of its vendors” and is investigating the matter).

Potential dangers of co-mingling data

Drawing a parallel to sport, Nicoletti called our time the moneyball era in artificial intelligence, a “gold rush” where those that best leverage their data can gain a competitive advantage. This is certainly true in sports, where use-cases like automating outreach to sales leads have tangibly streamlined operations for teams. But Nicoletti cautioned that the use of third-party AI applications like ChatGPT introduces new privacy concerns, primarily through what he calls the “co-mingling” of data.

“In other words, I’m sharing my data, I’m posting my proprietary information and it’s improving the model, right?” Nicoletti said. “That’s what happens when you add more and more large language to the model. You’re improving the model for other people. So, you have to look at your agreement and say, ‘What are the risks of me using this third-party data processor? Are they co-mingling my data? Are they making their model better for competitors? How are they protecting my data?’

“All of these things that we just saw with [the AT&T breach] are being compounded and accelerated with AI tools being leveraged by sports teams and other companies that are looking for that return on investment.”

Sports properties face the same cyberthreats as any business – such as ransomware attacks – but also have unique risks to consider, added Gaidar Magdanurov, president of Acronis, which works with dozens of pro teams including the Boston Red Sox and Sacramento Kings. One less-common use-case is in data modification, where hackers corrupt algorithms used by teams to evaluate performance. Phishing attacks have also grown more potent with the proliferation of generative AI, and Magdanurov noted increased risk when cybercriminals tap into the emotional response of fans by, say, impersonating their favorite team.

Underscoring all is the fact that varied data buckets are inherent to sports – athlete data, business intelligence data, fan data and more are all essential, but may be housed in different places and accessible to different users. Nicoletti and Magdanurov agreed that, in their experience, sports teams and leagues can do a better job of investing in cyber protection.

Time is now for security practice upgrades in sports

“What I see with sports teams is not quite that level or, not only percentages [of revenue], but also emphasis on the IT program and the security program with most enterprises,” Nicoletti said, citing budgetary and seasonal calendar considerations. “But then on the flip side there’s also increased risks that a normal company doesn’t have… whether it’s a nation state going after Olympics, or whether it’s ransomware franchises going after Super Bowls.”

“I don’t want to make a generalization here, but usually people working [in the sports industry] are not as IT-savvy, not as well-trained in IT, and also they want to have everything right here and now,” Magdanurov said. “Imagine you’re a baseball coach and need access to data – you don’t want to have two-factor authentication, you don’t want to have to go through hoops to get access, you want it now. That mentality actually allows attackers to leverage that.”

As far as solutions for those looking to stress test their security practices in the wake of the AT&T news, Nicoletti offered a spin on the “honey pot” cybersecurity method based around what he calls a honey token – a decoy record within a database that businesses can monitor, making it easier to attribute the source of a breach in the event of one.
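The honey-token idea described above, as an added Python example that is not from the original article or from Check Point: each party that receives a copy of the fan database gets its own decoy record, so a decoy that turns up in leaked data points to the copy it came from. The recipient names, the decoy domain, the key and the sample rows are all constructed for illustration.

```python
import hashlib
import hmac

# Constructed values for illustration only.
SECRET = b"constructed-demo-key"   # the real key is stored outside the database
DECOY_DOMAIN = "fans.example"      # a domain the team controls and monitors
RECIPIENTS = ["internal-crm", "ticketing-vendor", "ai-analytics-vendor"]


def honey_token(recipient: str) -> dict:
    """Build a decoy fan record that is unique to one data recipient."""
    # A keyed hash makes the tag unguessable without the key, yet it can be
    # regenerated at any time, so no lookup table of decoys has to be stored.
    tag = hmac.new(SECRET, recipient.encode(), hashlib.sha256).hexdigest()[:12]
    return {"name": "Jordan Avery", "email": f"j.avery.{tag}@{DECOY_DOMAIN}"}


def export_for(recipient: str, real_rows: list) -> list:
    """Every copy of the data that leaves gets its own decoy row mixed in."""
    return real_rows + [honey_token(recipient)]


def attribute(leaked_text: str) -> list:
    """Return the recipients whose decoy address appears in leaked data."""
    text = leaked_text.lower()
    return [r for r in RECIPIENTS if honey_token(r)["email"] in text]


if __name__ == "__main__":
    # Constructed sample rows standing in for real fan records.
    rows = [{"name": "A Fan", "email": "a.fan@mail.example"}]
    shared = export_for("ticketing-vendor", rows)
    dump = "\n".join(f"{r['name']},{r['email']}" for r in shared)
    print("decoy found for:", attribute(dump))
```

Because no real fan owns the decoy address, any mail or login attempt that reaches it is also a signal worth alerting on.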

Magdanurov’s advice to teams and leagues looking to best protect themselves was multifold. He stressed the importance of training one’s employees in cybersecurity best practices, keeping dialogue open with IT experts and deploying advanced cybersecurity methods like extended (XDR) and endpoint (EDR) detection and response platforms, as opposed to less sophisticated antivirus solutions. He also endorsed backing up email systems to use as evidence in potential investigations.

“Cybercrime is so widespread because it’s extremely hard to catch somebody – it’s extremely easy and cheap [to do], and the gain is extreme,” Magdanurov said. “One of the ways to prevent cybercrime is to make sure that those people who are doing that they are punished. And to punish them we need evidence.”


