Cyber attacks are a sustained threat for all organisations and events, no matter how big or small.
There is no better example of this than the Tokyo Olympics, as constant threats lingered throughout. A Japanese government official has been reported as saying that the personal data of ticket holders, as well as event volunteers, has been leaked online. If true, potentially this means that usernames, passwords, and even personal data including names, addresses and bank account numbers could have been compromised.
WSA partners Sport:80 have identified specific attacks and steps sports organisations, governing bodies and event organisers can take to minimise the threat.
DDoS (a distributed denial of service)
Designed to cripple power systems, DDoS is a malicious attempt to disrupt the normal functioning of a service, in which hundreds of sophisticated bots are deployed which all work together to prevent customers/audiences from accessing your services. The classic example of this is the creation of a flood of traffic to a website or service which it can’t deal with. There are many companies that specialise in solutions that protect against DDoS attacks. If your digital ecosystem is at risk, invest in one. At Sport:80, they use Cloudflare which essentially creates a buffer for your digital property.
Phishing
The most prevalent examples of phishing are when cyber criminals assume the identity of a trusted individual, organisation or source that is requesting access to sensitive information. In short, though, they are a channel to encourage account holders to input their personal logins, exposing their credentials to a disreputable third party in the process. This is very much on the rise, and we have seen a significant increase in phishing emails which attempt to impersonate Microsoft 365 to obtain passwords.
Simple steps can be effective, like not opening emails and attachments from suspicious sources; using multi-factor authentication; being sceptical about attractive offers – if it seems too good to be true, it probably is, and finally keep your antivirus software updated.
In terms of best practice, Sport:80 recommend company-wide security policies including device management, use of password managers, two factor authentication, and keeping devices up to date. Consider the use of high-grade cyber security software that is proven to reduce the risk of attacks; implement additional levels of security for web services (like Cloudflare and others) and, if necessary, conduct annual penetration tests aimed at identifying security flaws in your infrastructure. But with the sophistication of cyber-attacks increasing all the time, it’s important to keep up to date with the latest attempts.
Ransomware
A form of malware usually delivered through malicious spam emails or advertising which encourages individuals to follow links or download attachments. Cyber experts have been warning of the risk of Ransomware activities during the Tokyo Olympics. Once activated, the Ransomware will encrypt access to files and threaten to publish or block access to data, or a computer system. The cyber-criminal will only remove the encryption if the victim pays a ransom fee.
The best way to deal with Ransomware is to prevent it from taking hold in the first place, meaning not falling into the traps that are set. There are several ways in which you can combat Ransomware:
1. Invest in cybersecurity/anti-virus software that is proven to prevent Ransomware attacks.
2. Create back-ups of data using cloud storage which has high levels of encryption and two factor authentication.
3. Keep devices and software up to date – many attacks occur because of vulnerabilities in old versions of operating systems and software.
4. Use an email client that has a strong spam filter which identifies and quarantines malicious spam and allows for encrypted emails to be sent.
5. Educate your staff so they create strong passwords and can quickly identify and remove malicious content if it slips through the net (including social engineering – more below).
It’s not possible to say that even putting in place all these preventative measures would completely eradicate the problem, because if cyber criminals are determined to get into systems, they’ll probably do so. But this will undoubtedly make it harder for them. The bottom line for your organisation, regardless of its size or scope of activity, is when it comes to protection from cyber-attacks, make sure you’re always as prepared as you can be.