Cyber criminals seldom rest of their laurels. With Ireland’s fantastic start to the Six Nations tournament, it’s easy to be distracted and caught unawares.
Major sporting events provide ample opportunity for campaigns aimed at gaining user’s details as a tool to compromise data and systems. This has led to an increase in concern from Cyber Security & Privacy experts for individual’s rights, freedoms and protections leading up to, and during, major events. The concerns are heightened by past sporting events, like the World Cup in Qatar, where ticket holders were forced to download specific apps that had questionable cyber security controls. Within the excitement and build up to these events research shows that there is an increased risk that individuals are more exposed to dangerous campaigns. These can include malware, phishing, fraud, and other attacks by malicious actors on vulnerable data subjects.
The rise in cybercrime during major sporting events
There is a correlation between major sports events and increase in cybercrime. They are opportunities for criminals to profit off people’s uncertainty, excitement or curiosity surrounding the events. The lack of restrictions around the data being processed has led to concerns that malicious actors may gain access, as there is a heightened intent in cybercrime targeting fans and followers through scams, fraudulent websites, mobile applications and emails that are seemingly official.
Companies and authorities with data subjects affected by major events must deliver necessary training and awareness campaigns on how data subjects can identify a scam. This includes taking the necessary steps to ensure that the website, applications and emails received are identified and avoided if malicious. Threat actors are looking to use data from individuals as leverage for their own gain, this can be data that can be used for ransomware and DDOS attacks as examples.
Password management concerns
One privacy concern which may not be as obvious is the rise in password management threats during major events like the recent World Cup. In the period leading up and into the tournament, individuals are much more likely to use players, countries or football related terms as part of their passwords. Research shows that after analysing over 800 million compromised passwords, names such as ‘Pele’, Lionel ‘Messi’ and Cristiano ‘Ronaldo’ all appeared in the top 20 most common names used.
Password security management is a key security element for any security infrastructure. Here are some steps companies can take to mitigate the dangers presented to password management by major events through cybersecurity awareness campaigns before and even after employees return from these events:
- Password Rotation – Passwords must be changed every 90 days or less.
- A minimum length of 8-12 characters long.
- Password complexity which means it contains at least three different character sets (e.g., letters, numbers and punctuation).
- Use of a password generator.
- Account lockouts for bad passwords.
In conclusion, given the elevated concerns brought by major sports events, it is vital that companies and authorities raise awareness. People can be exposed by who or what they are giving permission to, the dangers that exist around poor password management and phishing, and the increased rate of fraud campaigns over these periods. Companies and authorities that do not improve awareness, password management controls and phishing awareness/training leave themselves vulnerable to compromised data. This could lead to devastating financial and reputational damage.