The 2018 FIFA World Cup is expected to be the largest yet, with fans from all over the world watching. When it comes to TV audiences, the games are expected to be watched by 3.4 billion fans from 200 countries, which is nearly half the total world population. Not only is the World Cup available to view worldwide through a variety of broadcasting platforms, but smart technologies are now increasingly used by the fans to watch the games and interact with their favorite players. In fact, a survey by GlobalWebIndex found that 47% of the online population plans to watch the games online, and a quarter of millennials have declared they’d follow the tournament on their smartphone or tablet.
And if this doesn’t give you enough hint about the scale of the event, here are some more numbers:
- 12 hosting stadiums requiring good IT infrastructures
- More than 5,000 media representatives present at the games
- 36 participating teams, 736 players and 99 referees
- 17,040 people from 112 countries in the volunteer’s team
High profile sporting events like the FIFA 2018 World Cup could provide many opportunities for hackers to target not just consumers and their smart devices, but also stadiums’ infrastructure, such as grid power and lightning among others. Cyber criminals often use these large gatherings of people and technology to steal personal information or harvest users’ credentials for financial gain, among other malicious activities.
Digital threats likely to be seen at the World Cup
While attacks at previous major sporting events have focused on ticket scams, and availability of IT services and personal data, there are now more substantial cyber threats to stadium operations, infrastructure, broadcasting and participants and visitors to the games. For example, the 2012 London Summer Games were hit by a DDoS attack on broadcast operations and power systems seeking to limit viewer access to live broadcasts; fortunately, it had limited success. In response to similar threats, the South Korean government and Pyeongchang organising committee invested around £850,000 into cybersecurity measures for the 2018 Winter Games.
Individuals taking part in the matches, either organisers or fans, could become targets to hackers in various ways. The most popular scams could include spam emails about winning tickets in the FIFA lottery and fake websites. Hackers could also create duplicates of bank websites and popular tourist sites, such as Booking.com and Airbnb, and use them to gain access to the users’ banking information. Below, we’ve listed a few of the most common ways in which the personal details, devices and services availability for all present at the football games could be compromised:
- Phishing attacks – Just days after the tournament kicked off, researchers at Check Point revealed the ‘Wallchart’ phishing attack designed to lure football fans with a subject line about the World Cup schedule and scoresheet
- Dubious mobile applications – users could download World Cup-related apps which seem genuine and thus compromise their devices
- DDoS attacks – At the start of the 2014 FIFA World Cup in Brazil, hacktivists defaced and conducted DDoS attacks against websites of the Military Police of Sao Paulo, Brazil’s Department of Justice, Hyundai, and the Emirates Group, to protest against the corruption around having the event held in Brazil
- Unsecured WiFi – 7000 WiFi networks in the Russian World Cup cities were found to be vulnerable and England players and staff in particular have been advised not to use public or hotel WiFi
Protecting the World Cup: the CIA pillars for digital security
In order for organisers of such sports events to protect everyone involved, they need to rely on cybersecurity strategies that protect the three main pillars that underpin connected devices and services: Confidentiality; Integrity; and Availability (CIA). This means that connected devices and the services associated with them should factor:
- Confidentiality: ensuring that devices, systems or data are not accessed by unauthorised parties
- Integrity: ensuring that no data can be manipulated or tampered with
- Availability: ensuring that attendees can connect whenever, and to whoever, they need to
The table below illustrates how the 3 CIA pillars reflect the World Cup digital environment, including different threats that can be associated with each of those.
Ensuring Confidentiality, Integrity and Availability
Major sporting events like the 2018 FIFA World Cup require months of preparation that include evaluation of risks and mitigation based on different scenarios.
Simple measures for fans and visitors such as switching off the Wi-Fi and Bluetooth connections of devices when not in use, using a credit card to pay for online goods and services, updating the software of devices, and using strong PINs and passwords can all help.
But here are a few security principles that major sport events, organizers should always follow to ensure confidentiality, integrity and availability:
- Create strong IDs for connected devices and services – ensuring Trusted Digital Identities could be a good way forward
- Encrypt sensitive data at all stages as it moves from devices, gateways or cloud servers. This will protect against data tampering or data theft.
- Implement strong authentication processes, to securely store credentials and ensure only authorized individuals, entities or devices have access to sensitive data and services
- Ensure remote software and security updates capabilities, with access credential management. This will ensure best performance for connected devices, block devices/services access or allow to come back to a safe security status, whenever needed, if a threat is considered.
- Create redundant systems and databases for the recovery of disaster case scenarios
- Install monitoring and intrusion prevention systems to detect anomalies and be alerted before issues arise
Increased connectivity, both among the public and global infrastructures, makes the 2018 World Cup a prime target for digital threats. Luckily, now going into its final stages, one of the most significant global sports event hasn’t been intruded by major cyberattacks. But these last couple of weeks are also the most important ones for all parties involved, therefore digital security prevails at all costs.
Good luck to the teams and fans, and make sure you stay safe online!