Deciphering Security Trends in the Sports Sector
Just as defensive skills are necessary to fend off competitors in combat sports, it has become equally important for sports organizations to protect their data and systems from a variety of cyber threats. In recent years, the sector has witnessed a surge in cyberattacks affecting teams, leagues, and even individual athletes.
A preview of recent cyber threats
- A security lapse at Town Sports International affected almost a terabyte of sensitive data belonging to its customers. The unprotected server in question was exposed for almost a year before the firm took it offline.
- ArbiterSports paid off hackers to delete the stolen details of 540,000 sports referees. The database in the threat actors' possession contained data from the ArbiterGame, ArbiterOne, and ArbiterWorks web applications.
A potential target for BEC fraud
- Apart from cyberattacks, sports clubs are a lucrative target for business email compromise (BEC) scams, in which fraudsters use social engineering tricks to conduct fraudulent wire transfers or exfiltrate sensitive data.
- In July, fraudsters attempted to steal nearly $1.25 million on the pretext of transferring a player in the English Premier League.
Security issues in fitness apps add more woes
- Amid the ongoing pandemic, fitness and gym mobile applications have gained huge traction among gym enthusiasts and athletes. With their rising popularity, these apps are an easy target for threat actors, as they hold a huge trove of sensitive user data.
- In a recent security incident, researchers discovered a privacy issue in Strava, a popular fitness app used by athletes, that exposed users’ information to nearby strangers. The issue stemmed from the information-sharing feature in the app.
- In mid-August, dozens of fitness and gym apps using the vulnerable Fizikal API were found exposing the personal data of thousands of users. Additionally, the vulnerabilities could be exploited to hijack an app account.
It is very clear that sports organizations are just like any other sector when it comes to cyberattacks and threats. The motives behind cyberattacks on sports organizations vary widely, ranging from industrial espionage and sabotage to simple identity theft. Therefore, cybersecurity is of ever-increasing importance for sports organizations, from grassroots clubs holding personal data to national organizations hosting and participating in global sporting events. Losing access to data or technology can have a significant impact on these organizations, resulting in data breaches, fraudulent loss of funds, and disruptions in event delivery.