SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers
Story image
Rugy World Cup highlights needs for cybersecurity
Fri, 29th Sep 2023

The Rugby World Cup is currently taking place, during which teams, associations, and venues will share and process vast amounts of sensitive information which is extremely valuable to cyber criminals.

This, and other major sporting events, are extremely vulnerable to cyber attacks, especially from bad actors with financial motives.
GlobalData's newly released Cybersecurity in Sport report warns that sport will become an increasingly common target for cyberattacks. 

The world of sports is an extremely lucrative one and, therefore is a prime target for hackers as enormous sums of money and confidential information from this industry could be used for potential ransoms. While the word of sport has largely been able to keep these threats at bay, increasing sophistication from hacker groups may force adaptation to this.

With 70% of sports organisations experiencing a cyber incident per annum, major events such as the Rugby World Cup face an even higher threat. For example, many fall victim to spear-phishing, whereby usernames and passwords are obtained from staff and attacks are aimed at those in senior roles who can authorise financial transactions.
Niall McConachie, regional director (UK & Ireland) at Yubico, explains how sporting organisations can best prevent these phishing attacks with effective cyber security practices such as phishing-resistant multi-factor authentication.
"Previous business email compromises (BEC) around major sporting events underscore the urgency for enterprises to establish and enforce human-centric security best practices that are supported by modern phishing-resistant MFA," he says. 

"Traditional password-based authentication has proven insufficient in the face of these evolving threats, and as email-based phishing attacks grow in sophistication and targeting, even tech-savvy individuals can fall victim."
To effectively mitigate these types of attacks around major sporting events, McConachie says organisations should implement passwordless cybersecurity such as strong two-factor authentication (2FA) or MFA. 

"By removing the need for passwords, strong 2FA and MFA are more user-friendly and bridge the gap between personal and professional data security. Phishing-resistant FIDO2 security keys, for example, have proven to be the most effective option to keep businesses and people secure online," he says.
McConachie says Phishing-resistant MFA, that comes in the form of a FIDO2 security key, helps organisations better protect online accounts without relying on the user's vigilance. 

"Unlike conventional MFA methods vulnerable to phishing, this approach focuses on identity verification and intent through deliberate action," he says. 

"While common, passwords, SMS, OTPs, security questions, and push notifications are susceptible to various attacks. By adopting phishing-resistant MFA, sporting organisations can protect digital identities against evolving threats and safeguard sensitive information."