A partner of the Sport & Recreation Alliance, Microtrading is the leading IT service provider to the UK’s sport and recreation industry, and also supports a number of Active Partnerships. We’re keen to advise and protect our clients within the industry and believe it’s incredibly important for us to share security advice tailored to sports organisations.
The sporting industry is worth over £37 billion to the UK economy, which makes it a target sector for cybercriminals looking to exploit any individuals and organisations with potentially weak security provisions.
Dependencies, vulnerabilities and assets
In creating a strategy that can keep you, your team and your stakeholders safe, it’s important to know what vulnerabilities within your organisation a cybercriminal might be looking to exploit.
There are a number of digital resources that a typical sporting organisation will rely on to deliver its service. These are potential entry and pressure points for a cybercriminal, which need to be managed and protected appropriately. They include:
- IT infrastructure and devices
- Online accounts
- Social media
All of these could be successfully attacked due to a weak password. Don’t make that mistake: passwords are the first line of defence for so much of your IT. To read up on the best policy and strategy for your organisation’s passwords, read our best practice guide.
A survey undertaken by the National Cyber Security Centre asked sporting organisations about the software, online accounts and devices they use. The findings below should draw your attention to the ones you use and what you should be protecting.
Cybercriminals depend on being able to exploit a weakness in your organisation – be that technological or personnel-based.
- Weak IT security provisions: cybercriminals seek to find flaws in your firewall, antivirus and software updates, and their management. They may also, for example, bet on you not having the ability to neutralise a denial-of-service attack – this would need you to have a backup and disaster recovery plan.
- Staff: the majority of successful cyberattacks involve human error, which is why a cybercriminal may look to exploit a lack of cyber security awareness in your team. That’s why providing your staff with cyber security awareness training is so important.
There are various organisational assets that are attractive to a cybercriminal. As a sporting organisation, you will likely have at least one that a cybercriminal might want to take from you.
- Data: as a sports organisation, you will hold a variety of data. Cited as ‘the new oil’, data can be incredibly valuable in many ways. The most obvious would be its actual sales value. If you hold personal details for a large number of your stakeholders, a cybercriminal might want to steal your data to sell on the black market. They may also want to obtain your data in order to blackmail you – either by removing it and holding it for ransom, or by taking a copy of it and threatening to use it unless a fee is paid. Which brings us nicely onto…
- Money: a bit obvious, but yes, a cybercriminal may look to obtain money directly from you in the form of blackmail, holding your systems and/or data to ransom by denying you access. What might attract a cybercriminal to try to extract money from you varies. It might be as simple as them deeming you to be a cash-rich organisation, or believing you’d have no other option but to pay in the event of a denial-of-service attack. Be warned: it might even be much simpler than that. If a cybercriminal can successfully attack a bank account linked to your organisation, through an online banking system, large sums of money could simply be theirs for the taking.
- Identity: one of the most valuable things you have as an organisation or an individual is identity. Plenty of cybercrime takes place in order to subsequently commit identity fraud and, if a cybercriminal can obtain enough information, they could assume the identity of a team member or even one of your stakeholders.
Trends in cyberattacks
We’ve already covered a few ways in which cybercriminals might look to exploit you in their cyberattacks, but here are some of the most prevalent trends:
- Phishing: we’ve talked a lot about phishing in the past. It’s a technique used to obtain important information – be that personal details or login credentials – by tricking the user. Phishing has been around for a very long time now, but it’s still going on and, sadly, it still works! Cybercriminals have become more sophisticated and aggressive in their approach, often abusing the trust a user might have towards a certain brand / entity by masquerading as them.
- Spear phishing: this is phishing taken to another level. Heavily targeted and utilising the most sophisticated techniques, it’s usually used to attack more senior team members. Spear phishing tends to involve a more convoluted journey for the user, to gain more trust and more information. Cybercriminals will sometimes create what will feel like an authentication process – perhaps over multiple devices, maybe with a phone call, for example. The overall attack is more persuasive and manipulative but also realistic. For more information, please see our Phishing Guide.
- Password spraying: this is why using ‘password01’ really won’t be OK. Password spraying involves using a program to try a list of some of the most common passwords against a vast array of email accounts in order to log into a variety of popular services. In truth, it shouldn’t be possible to create a list of ‘The Most Common Passwords’, because we should be using login credentials that we’ve tailored to be unique. For more on how to approach passwords in your business, check out our password policy guide.
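As an added illustration (not part of the original article or Microtrading's own tooling), the sketch below shows how password spraying can be spotted in sign-in logs: one source failing against many different accounts with only a few tries each. The log format, addresses, account names and thresholds are all constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sample sign-in log (assumed format): time, source IP, account, result
SAMPLE_LOG = """\
2024-03-01T09:00:05 203.0.113.7 chair@club.example FAIL
2024-03-01T09:01:10 203.0.113.7 coach@club.example FAIL
2024-03-01T09:02:15 203.0.113.7 events@club.example FAIL
2024-03-01T09:03:20 203.0.113.7 finance@club.example FAIL
2024-03-01T09:04:25 203.0.113.7 membership@club.example FAIL
2024-03-01T09:05:30 203.0.113.7 welfare@club.example FAIL
2024-03-01T09:10:00 198.51.100.20 coach@club.example FAIL
2024-03-01T09:10:20 198.51.100.20 coach@club.example FAIL
2024-03-01T09:10:40 198.51.100.20 coach@club.example FAIL
2024-03-01T09:11:00 198.51.100.20 coach@club.example FAIL
2024-03-01T09:12:00 192.0.2.15 finance@club.example FAIL
2024-03-01T09:12:30 192.0.2.15 finance@club.example OK
"""

def parse(log):
    """Turn each log line into (timestamp, source_ip, account, result)."""
    events = []
    for line in log.strip().splitlines():
        ts, ip, account, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, account, result))
    return events

def detect_spraying(events, window=timedelta(minutes=30), min_accounts=5, max_tries=3):
    """Flag sources that fail against many accounts, few tries each, inside one window."""
    failures = defaultdict(list)
    for ts, ip, account, result in events:
        if result == "FAIL":
            failures[ip].append((ts, account))
    flagged = {}
    for ip, items in failures.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            while items[end][0] - items[start][0] > window:
                start += 1  # slide the window forward
            tries = Counter(account for _, account in items[start:end + 1])
            if len(tries) >= min_accounts and max(tries.values()) <= max_tries:
                flagged[ip] = sorted(tries)  # accounts targeted in this window
    return flagged

if __name__ == "__main__":
    print(detect_spraying(parse(SAMPLE_LOG)))
```

Repeated failures against a single account (the second source in the sample) are deliberately not flagged here; that pattern is better handled by per-account lockout.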
A recent survey conducted by the National Cyber Security Centre amongst sporting organisations asked respondents what kind of attacks their organisations had received. Here are the findings:
How do I protect my organisation better from cybercriminals?
So, what are the solutions to protecting you from all of this?
It’s important to understand that, due to the nature of IT and cybercrime, you can never truly, totally protect your organisation. However, there are several strategies that will make your organisation, your team and your stakeholders safer and at far less risk of a catastrophic cyberattack. With all that in mind, our top recommendations include:
Cyber security awareness training
It’s something we’ve already mentioned above and we’re recommending this before anything else. Throughout this article, you can see that so many of the techniques that cybercriminals employ are dependent on human error.
It’s time to say ‘goodbye!’ to those human errors, whether it’s poor password etiquette or falling for the deception of a phishing attack. With Cyber Security Awareness Training, you can empower your staff to keep themselves and your organisation so much safer.
Anti-virus and web security
The next generation of technology to tackle malicious software utilises AI and machine learning to identify suspicious behaviour in programs accessing your network. Called ‘Endpoint Detection and Response’ (EDR), this technology can help your business stay safe against the newest in cyber threats. It can even tackle threats that have yet to be identified by antivirus manufacturers. For more information, read our recent article on EDR.
Backup and disaster recovery
Fail to prepare, prepare to fail. A backup and disaster recovery plan is effectively an insurance policy for your IT. With a secure and reliable backup of your data – that is regularly updated – you’re able to retrieve your data following both catastrophic and minor data loss events. This can be incredibly useful if your data is targeted by a cybercriminal.
Managing your IT
IT needs looking after. There are numerous elements that, when properly monitored and taken care of, will increase the security of your IT. Updates are one such thing that must be managed. When a software manufacturer releases an update to repair a flaw in the software, you need that update rolled out across your infrastructure to prevent that flaw from becoming a vulnerability.
How can Microtrading help?
As experts in this field, Microtrading can offer you a truly comprehensive range of services to strengthen your cyber security and make your organisation safer.
Cyber Security Awareness Training
We can offer you such a service through our cyber security awareness training platform. This helps you to develop a positive culture where risks are recognised and understood. It uses bite-sized, interactive training, everyday scenarios, and role play (real gamification!) to bring cyber security and its prevention to life – engaging the user and improving retention of information!
Endpoint Detection & Response
We can assess your IT security and supply, install and support EDR for your IT infrastructure. We’ll install the software, configure it in accordance with your needs and monitor your system on an ongoing basis – reporting and acting on any events that may take place.
Backup and Disaster Recovery
We can provide you with a Backup and Disaster Recovery plan that you can depend on whenever small things or big things go wrong. Typically, when we meet a new client, their backup strategy is vastly inadequate for their needs, and they’re not testing it either. So, should they need to rely on it, it may be unusable. We’ll transform that for you – so you have the peace of mind that comes with effective Backup and Disaster Recovery.
Managed IT Support
We can provide you with proactive managed IT support that significantly enhances your IT security. We identify and deal with thousands of IT issues for our clients every month, and our Managed IT Services can decrease the overall IT support costs of sporting organisations by as much as 50%.
We’ll conduct 24/7 system monitoring, manage all the updates – so that your applications have the patches they need to be secure – and provide you with our invaluable Help Desk facility.