Cybersmart for Sporting and Entertainment Events


Microsoft has released its fifth instalment of Cyber Signals – a cyber threat intelligence brief on the state of the cybersecurity landscape.

This edition focuses on high-profile or large sporting and entertainment events, especially those in increasingly connected venue environments, which can introduce cyber risk for organisers, regional host facilities, and attendees.

With the ongoing FIFA Women’s World Cup breaking attendance records and expecting up to 1.5 million attendees across the competition and a marquee summer line-up of music events, including Taylor Swift and Coldplay, cyber threats loom large. And these threats are diverse and complex.

They require constant vigilance and collaboration among stakeholders to prevent and mitigate escalation, and with the global sports market valued at more than USD 600 billion, the target is rich.

Sports teams, major league and global sporting associations, and entertainment venues house a trove of valuable information desirable to cyber criminals.

Information on athletic performance, competitive advantage, and personal information is a lucrative target.

Unfortunately, this information can be vulnerable at scale, due to the number of connected devices and interconnected networks in these environments.

Often this vulnerability spans multiple owners, including teams, corporate sponsors, municipal authorities, and third-party contractors.

Teams, coaches, athletes, and fans are also vulnerable to data loss and extortion.

“Australia is no stranger to hosting a wide variety of global, high-profile sporting and music industry events. The increasingly digital nature of these types of events – from ticketing, point of sale systems, and interactive fan experiences, to athlete and team information and performance analytics – can create a target-rich environment for threat actors. The risks could be anything from criminals seeking to access information for financial gain, through to issue-motivated groups using the high-profile nature of the event to push their narrative and agenda,” says Mark Anderson, National Security Officer for Microsoft ANZ.

“This report shows how large and complex these events can be – Like in last year’s State of Qatar’s hosting of the FIFA World Cup where there were over 100,000 endpoints (mobile phones, computers, tablets, point of sale systems etc),144,000 identities and over 14 million emails to be protected. The responsibility for keeping these events safe does not rest solely with the organisers of these events. Every participant, attendee, employee and volunteer collectively has a role to play in defending against cybercriminals. For attendees, this means being vigilant about scams related to the event, while organisers must ensure the safety of the systems that support the event and be rigorous around how they protect and use the data needed to operate these events.”

You can read the full report here.