During a transfer deal, a Premier League club almost lost £1m and this was only halted because of an intervention by the unnamed club’s bank, reports the BBC. A report from the NCSC revealed that the attempted theft came about as a result of an email address hack; specifically, a hack of the Premier League club’s managing director email. Hackers also cut off the club’s security systems, and blocked turnstiles which almost lead to a fixture postponement.
The NCSC report found that: at least 70 percent of sports institutions suffer a cyber incident in just 12 months and it urged sports organisations to implement cybersecurity measures to prevent cybercriminals cashing in on lucrative industry.
Findings include:
- Approximately 30 percent of incidents caused direct financial damage, averaging £10,000 each time; the biggest single loss was over £4 million
- Over 70 percent of those surveyed have experienced one cyber incident or breach in the past year – 30 percent have recorded more than five incidents during the same period
- Over 80 percent have online business systems – such as ticketing – which process thousands of financial transactions
- Approximately 40 percent of attacks on sports organisations involved malware. A quarter of these involved ransomware.
In an email to IT Security Guru Stuart McKenzie, senior vice president of Mandiant Services EMEA at FireEye commented, “The risk to sporting organisations should be high on their risk register, but in all likelihood, it’s under prioritised, which is concerning as the huge amount of revenue that many of them generate means they are a very lucrative target. Aside from financially motivated attacks, major sporting events such as the FIFA World Cup and the Olympics present a high profile opportunity for nation-state attackers to embarrass host nations. Events such as these are key political tactics to disrupt competitions and cast doubt on the host nation’s technical ability to host these major events.”