Sporting events and venues are attractive targets for cyberattacks, as they involve high-profile participants, large audiences and valuable data. Threats can include data theft, ransomware, and disruption of critical services and infrastructure. To protect events, venues and individuals, cybersecurity experts need to assess their risk, monitor threats, and respond to incidents in a timely and effective manner.
Last year, Microsoft delivered cybersecurity support for the 2022 World Cup in Qatar, delivering cybersecurity defenses to 45 critical infrastructure facilities, including transportation, telecommunications, healthcare, and other essential functions. We performed more than 634.6 million secure authentications while providing human-led threat hunting and response support for more than 100,000 endpoints, 144,000 identities, 14.6 million email flows, and 4.35 billion network connections.
Our cybersecurity team operated under a defense-in-depth philosophy to inspect and protect customer devices and networks, as well as to monitor the behavior of identities, logins and file access. The team conducted risk assessments based on threat actor motivation, profile development, and response strategy. It also considered global threat intelligence on geopolitically motivated threat actors and cybercriminals.
The Microsoft team shared its learnings and best practices with other stakeholders involved in sporting events and venues, with information right-sized for teams, coaches, athletes, fans, sponsors, municipal authorities and third-party contractors. It emphasized the importance of collaboration and communication among all parties to prevent and mitigate cyberattacks.
Key takeaways from our experience include:
- Start with the problem: Identify the cyber risks that are relevant to the specific event or venue, such as data loss, service disruption or reputational damage.
- Clarify intent: Communicate the value proposition of the organization’s cybersecurity solution in a concise, compelling way to customers and partners.
- Know the customers: Understand the needs and expectations of customers and tailor the solution to their specific verticals and scenarios.
- Describe what success looks like: Define the metrics and outcomes that will demonstrate the effectiveness of the cybersecurity solution and how it will secure the customer experience.
- Deploy the plan and communicate progress: Practice responding to threats as they occur and keep stakeholders informed.
As large sporting events become increasingly desirable targets for threat actors, risks are on the rise from nation-states, which are often willing to absorb collateral damage from attacks if it supports broader geopolitical interests. Similarly, cybercriminal groups looking to leverage the vast financial opportunities that exist in sporting and venue-related IT environments will continue evolving their strategies.
User awareness and training programs are important in identifying and mitigating these risks and others. Programs should educate employees and stakeholders about cybersecurity best practices, such as recognizing phishing emails, using strong and unique passwords, and avoiding suspicious links or downloads. Additionally, organizations should partner with reputable cybersecurity firms to continuously monitor network traffic, detect potential threats in real-time and respond swiftly to any security incidents.
Following these cybersecurity tips, all parties involved in planning and executing major sporting events can safeguard their venues, protect their teams and delight their attendees to achieve smooth, secure, and successful experiences. With the 2024 Paris Olympics held next year, organizations involved with developing the event should take proactive measures to protect their data, systems, and networks from cyber threats.
Justin Turner, principal group manager, Microsoft Security Research