<iframe src="https://www.googletagmanager.com/ns.html?id=GTM-P36XLWQ" height="0" width="0" style="display:none;visibility:hidden">

Microsoft warns sport is a prime target for ‘widespread and opportunistic’ cyberattacks

Tech giant helped protect the 2022 Fifa World Cup in Qatar.

11 August 2023 Steve McCaskill
Lionel Messi argentina World Cup 2022

Getty Images

  • Sport’s high profile, huge audiences, and temporary nature make it a target
  • Expanding digital estates and reliance on technology are increasing exposure
  • Data breach or system disruption can have huge financial and operational impact

Microsoft has warned that sports organisations and major events are increasingly prime targets for cybercriminals and other malicious actors looking to steal vast amounts of valuable data or cripple vital infrastructure.

The tech giant helped protect key systems, competition venues, and other environments at the 2022 Fifa World Cup in Qatar last December, analysing more than 634.6 million authentications during the tournament.

Microsoft said its experience shows that although many of the threats facing sport are universal, there are several factors that make it more vulnerable to widespread or opportunistic attacks.

The wider digitisation of sport means technology and advanced software is used to manage virtually every single on-field and off-field activity. This means teams and federations and others control vast amounts of personally or commercially sensitive data on athletes, potential recruits and fans that could be used to commit fraud, blackmail, or undermine sporting competition if stolen.

Secondly, modern stadiums and arenas are increasingly technologically capable, supporting retail, operational and fan engagement functions.

Digital estates now span networks and endpoints, including point-of-sale systems used at catering facilities and fan smartphones connected to stadium Wi-Fi.

At Qatar 2022, Microsoft monitored more than 100,000 endpoints, 144,000 identities, 14.6 million email flows and 4.35 billion network connections. If unprotected, any of these devices or workflows could be used to stage an attack if there is a vulnerability or misconfiguration.

Compounding this threat is that many sporting events are temporary and no two events have the same characteristics. Stadiums are therefore significant opportunities to cause chaos at a high-profile sporting event or to steal data from tens of thousands of fans at one time.

‘With events like the World Cup, the Olympics, and sporting events in general, known cyber risks surface in unique ways, often less perceptibly than in other enterprise environments,’ said Microsoft’s report.

‘These events can come together quickly, with new partners and vendors acquiring access to enterprise and shared networks for a specific period of time. The pop-up nature of connectivity with some events can make it hard to develop visibility and control of devices and data flows. It also fosters a false sense of security that “temporary” connections are lower risk.

‘Event systems can include the team or venue web and social media presence, registration or ticketing platforms, game timing and scoring systems, logistics, medical management and patient tracking, incident tracking, mass notification systems, and electronic signage.

‘Sports organisations, sponsors, hosts, and venues must collaborate on these systems and develop cyber smart fan experiences. Further, the huge swell of attendees and staff that bring data and information with them through their own devices increases the attack surface.’

SportsPro says…

A cyberattack can have significant operational, reputational, and financial implications. Sports teams benefit from a deeper relationship with their fans than many businesses in other industries do with their customers, generating a higher degree of trust that means people are more willing to share data than they would be with a retailer.

Beyond that, compromised systems could halt ticket sales, prevent a stadium from opening its doors, or even see sensitive data related to player performance or recruitment fall into the hands of a malicious actor. Such disruption is compounded by IBM reporting the average cost of a data breach increased by 2.6 per cent to US$4.35 million in 2022.

Major events like the Olympics have dedicated operations centres to handle cybersecurity, but no organisation can assume they won’t be targeted. As sport becomes increasingly reliant on technology, teams and federations of all sizes need adequate technologies and policies to ensure they don’t risk forfeiting the benefits of digital revolution.

Sport might increasingly behave like any other industry, but the relationship with fans is unique in business and there is an obligation to maintain that trust.

1 / 2news articles read

Enjoying SportsPro content? Create your account and get enhanced access to all the latest stories.


Already have an account?