Cybersecurity incidents are constantly on the rise, with many threat actors launching targeted or widespread opportunistic attacks. In what effectively amounts to cyberterrorism, these acts are not limited to large companies and organizations as one might think, but extend to things like high-profile sporting events, heightening the risk for hosts, organizations, and attendees alike.
In a report from Microsoft, the cybersecurity threats to sporting events and their venues are “diverse and complex” and may lead to data breaches, intrusions, and critical infrastructure disruptions. Even more concerning is that “No two high-profile sporting events have the same cyber risk profile,” and that attackers might be after athlete information, attendant information, compromising point of sale devices, visitor devices, and more.
Regardless of what an attacker is after, every event differs based on location, participant demographics, size, and composition. This is evident with CISA’s work at the 2023 Super Bowl LVII, where the Region 9 team covered support for the event alongside the Department of Homeland Security. Preparation for a wide variety of things was included in these efforts, such as consideration of threats to critical infrastructure, like a cyberattack, or drone incursion, all of which helped to harden “physical, cyber and chemical security, and emergency communications capabilities.”
As far as Microsoft’s efforts in the field, the company monitored 45 organizations involved in tournament infrastructure, with 100,000 endpoints that purportedly had 634.6 million authentication attempts. This breaks down on average to around 6,340 attempts per endpoint, which is a decent quantity given that is an average across all endpoints, but it must be considered that certain endpoints that are more critical will be hit harder than others.
At the end of the day, the security of large sporting events is a complex and evolving situation that extends to the cyber realm. Between political or financial motivations by the threat actors and a differing environment for each event, it is not an easy fight. However, with proper security hygiene and support from Microsoft, the U.S. government, and other organizations, many risk factors can be mitigated.