The National Cyber Security Centre (NCSC) has reported that an unnamed Premier League club came close to losing £1 million during a transfer negotiation.
All sporting organisations and clubs are being urged to strengthen security after the NCSC's 'The Cyber Threat to Sports Organisations' report revealed that an email of a Premier League club’s managing directors’ email was hacked during a transfer negotiation which lead to hackers almost intercepting and stealing £1 million. The reason for the unsuccessful attempt was down to the club’s bank intervening before the transaction went through.
The report also stated that 70% of major UK sports clubs and organisations are hit with at least one cyber-attack every year, which is double the amount of any other business in the UK. Around 30% of these incidents result in financial damage, averaging £10,000 per attack, the largest loss from a cyber-attack accumulated up to £4 million.
NCSC have highlighted in the report that there are three common methods that criminals use to hack organisations; business email compromise (BEC), cyber-enabled fraud, and ransomware which can take control and shut down stadium security and accessibility. It also mentioned that approximately 40% of these attacks use malware in which a quarter of these are ransomware.
An incident that was covered in the report included a Football League club suffering from a ransomware attack which prevented the turnstiles and CCTV from working; this almost resulted in the match being postponed.
The report added that a UK racecourse member of staff was a victim of fraud, losing £15,000 when they used a fake version of eBay, as they attempted to buy groundskeeping equipment.
The Director of Operations at the NCSC, Paul Chichester said: “Sport is a pillar of many of our lives and we’re eagerly anticipating the return to full stadiums and a busy sporting calendar."
“While cybersecurity might not be an obvious consideration for the sports sector as it thinks about its return, our findings show the impact of cybercriminals cashing in on this industry is very real."
“I would urge sporting bodies to use this time to look at where they can improve their cybersecurity – doing so now will help protect them and millions of fans from the consequences of cyber-crime.”
The Chair of the British Olympic Association, Sir Hugh Robertson commented: "This report is a crucial first step, helping sports organisations to better understand the threat and highlighting practical steps that organisation should take to improve cybersecurity practices."
Oliver Dowden, Digital and Sport Secretary added: "Cyber security should be everyone’s game, but elite sport is clearly an attractive target for cybercriminals."
"Sports bodies should listen carefully to this warning by the NCSC and take steps to improve their cyber security before it is too late. Simple steps taken today can save millions of pounds of losses tomorrow”.
Read the NCSC report here.
Author: Bradleigh Amis