The World Cup kicked off last Thursday, marking the beginning point of more than a month of futbol hysteria. The World Cup is the most watched event on the planet and the runner up isn’t even close. According to the Federation International Football Association (FIFA) television audience report released after the 2010 World Cup in South Africa, 3.2 billion people, nearly half the global population at the time, tuned into at least a portion of the matches. Nearly one billion people tuned into the final match alone. Just for comparison’s sake, the highest ranking Super Bowl of all-time was in 2012 between the NY Giants and the New England Patriots and drew an audience of only 111 million.
The global fascination with the World Cup is unrivaled and with Brazil hosting this year, it’s expected to be even bigger this time around. So what does this have to do with cyber security? A great deal actually. Anytime there is a large-scale global event, there is a sharp spike in the number of cyber scams that are unleashed on unsuspecting individuals and organizations to match. Last Thursday morning, on the day World Cup officially got under way, The Guardian ran a piece titled, Don't be a World Cup loser online: give football cyber-scammers the boot. The article summarized how opportunistic cyber criminals will use the enchantment of the World Cup to gain entrance to networks and steal critical information from consumers. This excerpt conveys the sentiment of the issue quite succinctly:
Cyber criminals are very happy about the febrile atmosphere around the beautiful game right now. For them, the World Cup is a perfect storm of scamming opportunities.
That means trouble for internet users and businesses relying on the tournament for revenues, and should be a warning to be careful who you trust when it comes to football-related online activity.
In other words, don’t trust emails or websites touting your favorite team, merchandise, or deals that appear too good to be true because as the old saying goes, they probably are.
Back in February, Reuters covered the potential for cybercrime to impact the World Cup in great detail. Within the article, Hackers target Brazil's World Cup for cyber attacks, the issue of cyber security was raised as problems surrounding the cost of hosting the event have continued to plague the government. As the reporter, Esteban Israel points out:
Brazilian hackers are threatening to disrupt the World Cup with attacks ranging from jamming websites to data theft, adding cyber warfare to the list of challenges for a competition already marred by protests, delays and overspending.
In a country with rampant online crime, a challenging telecommunications infrastructure and little experience with cyber-attacks, authorities are rushing to protect government websites and those of FIFA, soccer's governing body.
While the government is most likely prepared to handle direct attacks on the event and formal offices, the increased funding and sophistication of cyber-attacks has officials understandably nervous. Said General José Carlos dos Santos, the head of the cyber command for Brazil's army, "It would be reckless for any nation to say it's 100 percent prepared for a threat, but Brazil is prepared to respond to the most likely cyber threats."
As we’ve seen with past world-stage events such as the Olympic Games, cybersecurity is reaching the same level of consideration as transportation, logistics, and even physical security receive in the planning to host an event of this magnitude. Entire teams of experts are assembled years in advance to dissect every aspect of the event from a networking perspective. Every potential entry point is scrutinized, vulnerabilities are pored over and externals threats and sources identified and investigated. Nothing is left to chance, and even then, there are no guarantees.
In speaking with some of my colleagues involved in these activities, the level of preparation and number of practice runs completed is astonishing. Every plausible cyber scenario is played out over and over until the reactions are second nature. Complete teams of would-be hackers are assembled to pressure the defenses and find the holes.
As a company that was founded in South America (Argentina) by a group of white-hat hackers, we find this level of scrutiny refreshing. It confirms the approach we’ve taken for years when developing our own technology and advising clients, which is to be proactive and think like an attacker instead of just putting up defenses and hoping to stop whatever comes along.
So while I’m not a huge soccer fan, I will be watching the World Cup with a vested interest and rooting hard for the cyber security teams, and of course Team USA, to come out on top.
Related Reading: Cybercriminals Ramp Up Activity Ahead of 2014 World Cup