Microsoft warns sporting events could be targets for major cyberattacks

 Sophia Smith #11 of the United States scores a goal and celebrates during a game between Germany and USWNT
(Image credit: Photo by Brad Smith/ISI Photos/Getty Images)

Microsoft has offered up some salient advice on how organizations, particularly those involved with large sporting events, should protect themselves and attendees. 

In the fifth installment of its Cyber Signals report, the tech giant offers insight into how threat actors manage to breach venues, teams and infrastructure of popular sporting events.

It comes at a crucial time, with the FIFA Women's World Cup currently taking place in Australia and New Zealand, and a survey conducted the UK's National Cyber Security Centre (NCSC) found that 70% of sporting organizations it surveyed suffer at least one cyberattack per year. 

Unique challenges

The Cyber Signals report notes that valuable information associated with sporting events is at greater risk now more than ever, thanks to the increase in the number of interconnected networks and devices at venues. 

It adds that IT systems at these venues have their own vulnerabilities, both known and unknown, which threat actors can exploit to infect systems with malware and steal information.

The sorts of information that can be stolen include point of sale data, personal data from visitor's devices, which can be gained through breaching companion apps and wireless hotspots, as well as proliferating QR codes with malicious URLs.

Sports teams themselves are also a target, as they have data relating to athletic performance as well as personal information on individuals that may be worthwhile to a hacker.

The report also notes that Microsoft helped to protect IT infrastructure at the 2022 FIFA World Cup in Qatar, with its Defender Experts for Hunting team conducting risk assessments and developing cybersecurity defenses for facilities and organizations. 

Microsoft also says that the nature of sporting events present their own unique challenges not seen in other environments. They often happen quickly, and many vendors and organizations come together and access fundamental networks on a temporary basis, so there isn't much chance to evaluate and refine the security posture. 

Venues also need to consider the risk to privacy that comes with a cybersecurity presence, so it needs to be taken into account whether setting up this infrastructure will contravene such privacy policies in place.

Microsoft recommends that everyone at sporting events, from the venue itself to the teams and associations must take cybersecurity seriously. They should use multi-layered protection, including firewalls, intrusion detection and prevention, and strong encryption protocols to protect networks.

Audits and assessments must be carried out regularly too, to ensure that any weaknesses are swiftly dealt with. 

Lewis Maddison
Reviews Writer

Lewis Maddison is a Reviews Writer for TechRadar. He previously worked as a Staff Writer for our business section, TechRadar Pro, where he had experience with productivity-enhancing hardware, ranging from keyboards to standing desks. His area of expertise lies in computer peripherals and audio hardware, having spent over a decade exploring the murky depths of both PC building and music production. He also revels in picking up on the finest details and niggles that ultimately make a big difference to the user experience.