Defense is a critical part of many sports, but it’s also becoming essential for sports organizations that need to protect their data and systems from a variety of cyberthreats.
Cybersecurity is a crucial consideration for nearly every business and organization. In recent years, teams and leagues — even individual athletes — have been affected as well. The motives behind cyberattacks on sports organizations vary widely, ranging from industrial espionage and sabotage to simple identity theft. Teams and sports leaders recognize that they are increasingly targeted by these threats, and they are taking steps to beef up their defenses and protect themselves.
Cyberattacks on Sports Organizations Come from All Angles
One of the most high-profile cyberattacks in sports occurred in 2013, when employees of the St. Louis Cardinals infiltrated the computer network of the Houston Astros. Using the credentials of a former Cardinals general manager who had moved to the Astros, the employees were able to steal proprietary information, including Astros player data and statistics, according to a 2017 report from Tufts University.
Political motivations appear to have been behind a 2014 attack on the World Anti-Doping Agency (WADA). The Russian government-sponsored hacker group known as Fancy Bear (which also has been accused of attacks on U.S. election security in 2016) reportedly stole and released the private medical information of 41 Olympic athletes. The attack was retaliation against investigations into the use of performance-enhancing drugs by Russian athletes, which resulted in some athletes being barred from the 2016 Olympic Games. The hackers gained access to WADA systems after a successful spearphishing attack.
The Milwaukee Bucks were also victims of a phishing attack in 2016, when a team employee sent personal tax information for team staff and players to attackers who reportedly spoofed the email address of Bucks President Peter Feigin.
Organizations Work Together to Address Cyberthreats
The significant number of cybersecurity incidents has increased the visibility of cybersecurity among sports organizations. In 2016, security professionals established an information sharing and analysis organization based in Colorado Springs, Colo., to address the issue. This sports ISAO monitors and reports on attacks aimed at sports organizations and sports-related data.
The organization supported the U.S. Olympic Committee at the 2016 Summer Olympics in Rio de Janeiro. It integrates cyberthreat intelligence information provided by the Department of Homeland Security and other sources and provides this data to sports organizations at the professional, college and high school levels.
How Sports Organizations Can Protect Themselves
Like organizations in other industries, sports teams and leagues should take steps to protect themselves against cyberattacks.
In a 2017 column in SportsBusiness Journal, Christopher LaVigne and Jeewon Kim Serrato of the law firm Shearman & Sterling recommended that sports organizations develop an incident response plan to quickly and effectively deal with breaches. “The best offense is a strong defense, and effective incident response plans are critical in helping the organization calmly navigate its reaction to a cybersecurity breach,” they wrote.
The 2017 Tufts report recommended steps that sports organizations can take to improve their security posture. These include:
- Routine security audits
- Encryption of all data transmitted over a wireless connection
- Robust authentication to authorize the use of data
- Security training for coaches, athletes and staff