The Cybersecurity Threat at Russia World Cup 2018

Original Entry by : James Barrett

For all nations attending the Russia World Cup, the risk of hooliganism isn’t the only issue that they face. The World Cup is a hacker’s gold mine, with recent news reporting that the FA is to beef up cybersecurity if England qualifies for Russia World Cup 2018. Given the profile and asset class of the people and teams there—including the USA, France and Spain—who have been burnt by previous cyber-attacks, it will be vital for attending nations to secure their networks.

Whereas other World Cup events have caused concern about the physical safety of players, staff, and spectators, Russia’s World Cup has raised considerable concern about online threats. The football industry is facing huge challenges in defending networks in the build-up to such a global event, and organizations need to have a complete programme of preparedness in the event of a breach.

Preparing for the worst

Events like the World Cup entice criminals, including online hackers and cybercriminals. When it comes to the Russian World Cup, football associations are worried about a specific hacker group, Fancy Bears (which has targeted the FA and Olympics in the past), but the risk is not limited to a single group of cybercriminals.

Football federations around the world have already begun planning for the World Cup, and this year preparing to protect against cybersecurity risks is an essential part of the overall planning process. Some plans have already put in place, including installing anti-hacking software on the phones of players, and ensuring staff and players use the FA Wi-Fi. The US government has banned the use of Kaspersky—a Russian cyber-security software—and it may not be long before other countries or officials follow suit.

Risky behaviour

So, what could cybercriminals take if they successfully hacked into data at the event? Valuable personal data will be accessible, with players’ personal details, medical records, and performance data, among others, stored online. If these assets are stolen, important information will be at risk of being shared or sold.

However, it isn’t just the players’ confidential data at risk. Spectators and staff are also being advised not to use open Wi-Fi while in Russia, as these networks could put their personal data in jeopardy. The team hotels are now known—although those details are not yet public—so cybercriminals can already begin to plan and set-up cyber traps.

With some guidelines and advice already in place for both players and spectators, federations need to educate themselves on how to safeguard their data, including early warning signs of what to look out for, and how to minimise the impact of an attack if one is detected. Football federations must learn from past scandals, including WADA and IAAF, and introduce technology and skills to reach faster and more certain conclusions when investigating and potential threats or incidents.