Global Events Under Siege from Cyberattacks

https://ncs4.usm.edu/wp-content/uploads/2022/07/stadium-cyber-considerations.pdf

In events like the World Cup?, the Olympics, and sporting events, familiar cyber risks emerge in distinctive ways, often less noticeable than in typical enterprise environments. These events can come together rapidly, with new partners and vendors gaining enterprise access and shared networks for a specific duration.

The temporary nature of connectivity at some events can complicate the establishment of visibility and control over devices and data flows, creating a false sense of security that "temporary" connections pose a lower risk.

Event systems may encompass team or venue websites and social media, registration or ticketing platforms, game timing and scoring systems, logistics, medical management and patient tracking, incident tracking, mass notification systems, and electronic signage.

Sports organizations, sponsors, hosts, and venues must collaborate on these systems to create cyber-smart fan experiences. Moreover, the massive influx of attendees and staff, who bring their data and information through personal devices, expands the attack surface.

Critical Cyber Dangers for Big Events

Connected Video Boards and Digital Signage:

Disable any unnecessary ports, and ensure proper network scanning for rogue or ad hoc wireless access points. Update and patch software, and use applications that provide a layer of encryption for all data.

Wi-Fi Hotspots, Mobile Apps, and QR Codes:

Encourage attendees to (1) secure their apps and devices with the latest updates and patches, (2) avoid accessing sensitive information from public Wi-Fi, and (3) steer clear of links, attachments, and QR codes from unofficial sources.

Point of Sale (POS) and Wider Commerce Systems:

Ensure POS devices are patched, up to date, and connected to a separate network. Additionally, attendees should be cautious of unfamiliar kiosks and ATMs and limit transactions to areas officially endorsed by the event host.

Stadium Access and Infrastructure Equipment:

Develop logical network segmentations to create divisions between IT and OT systems. Limit cross-access to devices and data to mitigate the consequences of a cyberattack.

Recommendations:

• Provide security teams with upfront information about critical operational needs during events to enhance response planning for both IT and OT environments, ensuring venue infrastructure and attendee safety.
• Preconfigure systems, conduct thorough testing and prepare for rapid deployment by IT teams to prevent adversaries from exploiting poorly configured networks at large events. Assess privacy risks and educate attendees on basic cybersecurity practices to reduce vulnerabilities and exposure to data breaches and social engineering attacks.
• Attendees should follow event guidelines, connect only to official Wi-Fi networks, avoid unauthorized access to infrastructure equipment, promptly report suspicious activity, protect their devices, and stay informed about cybersecurity measures.

[email protected]