A report by the National Cyber Security Centre (NCSC) released on July 23, 2020, revealed that at least 70% of sporting organizations and teams in the UK had suffered a cyberattack in the past year.
The report issued a warning that football teams in the UK are at an increased risk of ransomware attacks and phishing campaigns, with a recent incident highlighting this concern.
A few days ago, an unnamed English Football League (EFL) club was attacked by hackers, who encrypted all its security and corporate systems. They demanded 400 Bitcoin ($3.8M) to release the decryption key, which the owners of the club refused to pay.
The hackers then retaliated by immediately encrypting the club’s end user devices as well as some of the club’s servers, which left officials unable to use corporate email.
The NCSC believes that the hackers gained access to a club director’s email account as discussions were going on over selling a player to another European club, which enabled them to siphon his username and password.
The club has now hired a new IT manager, and they have updated their systems and workflows to minimize potential damage from any future attacks.
Cyberattacks Cost Sporting Institutions £10K per Attack
The report revealed that about 30% of the hacking incidents on sporting institutions have resulted in direct financial losses averaging £10K per attack, with the biggest single loss recorded amounting to about £4m.
“Our findings show that the impact of cybercriminals cashing in on this industry is very real,” stated Paul Chichester, operations director at the NCSC.
The advice for UK sports institutions to stay alert for cyberattacks comes at a time when many clubs are having financial issues amid the novel Covid-19 pandemic that has forced some sports fixtures to be cancelled and matches to be played in empty stadiums.
The prospect of losing more funds due to surging cyberattack incidents could, therefore, cripple most clubs financially.
How Can Sporting Institutions Mitigate Cyber Attacks?
To halt cyberattacks, the NCSC report recommends that sports institutions should swiftly put in place ample email security controls.
Organizations should also ensure that staff receive cybersecurity training and that cyber-risk management is taken seriously at all levels. They should also segment their networks to make it more difficult for an attack to affect multiple systems.
Sports clubs should also ensure that all systems are fitted with the latest security updates to deter hackers from capitalizing on known vulnerabilities.