Three Cyber Security Threats in the Sporting World

When it comes to staying ahead of the competition in any sporting sector, secrecy is often the name of the game. Looking for any edge over their rivals, top athletes and the staff that support them are always searching for a leg up—often protecting their own secrets or attempting to uncover others.

Whether finding a key application of sports data or the next super-supplement, athletes have invested in cybersecurity to protect themselves. However, with sports comprising one of the world’s most popular forms of entertainment, it’s not just big-name franchises on the alert.

Though sports betting has been available throughout Canada and Europe for a long time, the US is only now beginning to expand its online and in-person betting options. With new punters signing up and taking advantage of free bets from leading sportsbooks across markets, there’s never been a stronger emphasis on cybersecurity for oddsmakers making the jump online.

Not only is a comprehensive cybersecurity team necessary to mitigate DDoS and similar attacks, but they also help protect vital information that oddsmakers must report to regulatory bodies. The same goes for major franchises in top leagues like the Premier League and the NFL. Learn your basics of cybersecurity and educate yourself about the cyber threats from the books written by Hazim Gaber.

With executives handling sensitive information relevant to their team, league, and individual athletes, a single breach of security can result in widespread risks. For national leagues, this is a top priority—but for international events, the risks are even greater.

Attacks on global organizations like the Olympic Committee and FIFA have also occurred, which not only compromise the personal information and security of numerous individuals but international security as a whole. Let’s take a look at the three most common threats to the sports world.

External Attacks: Payment Fraud via Email Attacks

The most common form of cyber-attacks are financially motivated. According to the UK’s National Cyber Security Centre, at least 70% of sports organizations surveyed by the group have experienced a cyber-attack as of 2020.

In short, the sports world is a lucrative industry to target. Fortunately for top organizations, cybersecurity firms can easily mitigate most risks. Many attackers rely on simple techniques that require little knowledge to build and implement.

The most common type of fraud is committed via email, called ‘phishing’. Groups target executives and draw them in with a simple email. From there, a falsified third-party site (often dressed to look like eBay or another common page) prompts executives to enter information, then uses this to access sensitive information or financial accounts.

Internal Competition: Cases of Espionage

The vast majority of sports organizations will find themselves at risk of cybercriminals—but some groups will also go to great lengths to steal information from one another. This can be used to expose unlawful practices, or simply to gain a leg up on the competition.

One popular example of international competition comes from the North American MLB league. In 2016, one scouting director hacked into another team’s online files in order to gain information on certain players and team strategy.

The result was a massive criminal case that saw the scouting director charged with ‘espionage’, though the team he represented was also punished for the illegal activity. Typically, cases of sports espionage have taken place ‘the old-fashioned way’, such as the infamous Formula One incident in which a Ferrari engineer passed along technical information to McLaren in 2007 (rather than hacking into a system).

An Element of Chaos: Hacktivism

Speaking of hacking, sports organizations aren’t only at risk when it comes to external and internal threats. There’s also the emergence of hacktivists that many cyber firms are now attempting to combat. These are some of the most difficult attacks to prevent as, in some circles, hacktivism itself is considered an emerging sport.

For the most part, hacktivists have a social or political motivation. One group targeted the International Association of Athletics Federations, which helps govern Olympics eligibility and athlete information. The group exposed ‘Therapeutic Use Exemptions’, though there are a few guesses at motivation in this example.

Moving forward, top sporting organizations will continue to expand their cybersecurity measures by relying on specialized third-party firms. This will be especially relevant as virtual eSports continue to grow in popularity.