Join Accxia, Acronis, Arsenal, and Loughborough University on Thursday 25th May from 6:30 pm - 9:00 pm at Home House, London for our event on "How to prepare for the never normal" where we aim to raise awareness of the dramatic increase in cyber-related attacks.
We have space for a limited number of interested guests. To register your interest, follow this link.
Our keynote speakers will be:
- Ronan McCurtin, Acronis VP for Europe: how cyber attacks have evolved and become more complex, frequent, and devastating.
- Naveed Bashir, Head of IT at Arsenal FC: how Arsenal's security posture has changed over the past 4 years to adapt to the surge in cyber-related attacks.
- Professors Tom Jackson and Ian Hodgkinson, Loughborough University: presenting EMOTIVE, a solution that provides an insight into the real emotions used by your customers on social media and how you can tailor messaging to appeal to these emotions more effectively.
Naveed will talk about how Arsenal's security posture has changed over the past 4 years, including how they're working with Acronis, what new security policies they've implemented, and why.
Arsenal FC was already on its cyber security journey and had implemented policies such as MFA and forced encryption on external media when the NCSC published its Cyber Threat to Sports Organisations report. The report determined that 70% of sports organisations had experienced a cyber incident or breach, and it includes examples of high-profile victims, such as a Premier League club and a UK sporting body.
Office 365 account compromise affecting a UK sporting body: An organisation that holds athlete performance data had been using Office 365 as its corporate email for several years. When a member of staff received an unusual auto reply from a colleague, they reported it to their IT team as suspicious. Investigations revealed that for several months the colleague’s email account (and eight others) had been compromised by an unexplained rule that was auto-forwarding emails to one of three suspicious external email accounts. Approximately 10,000 emails were found to have been sent to the external email accounts; many of these contained personal data, and the Information Commissioner's Office (ICO) was notified immediately.
Office 365 payment fraud targeting a Premier League football club: The Managing Director (MD) of a Premier League football club was the victim of a 'spear phishing' attack. When he clicked on the email, he was diverted to a spoofed Office 365 login page where he entered his credentials, unwittingly passing his email address and password to unidentified cyber criminals. During the transfer window, the football club agreed a transfer with a European club worth almost £1 million. However, the cyber criminals were using the MD’s credentials to monitor account activity and identified the impending transfer as an opportunity to monetise their attack. The attackers assumed the identity of the MD and communicated with the European club. Simultaneously they created a false email account and pretended to be the European club in communications with the real MD. At this point the football clubs thought they were talking to each other, but both were talking to the cyber criminals. The cyber criminals sent an amended payment request to the MD, changing the real bank details to an account they had control of. The transaction was approved and the Premier League club almost lost £1 million. Fortunately, the payment did not go through. The cyber criminals’ account had a fraud marker against it and the bank refused the payment. This highlighted the attempted fraud to the FA and the victim club.
Ransomware affecting an English Football League club: An English Football League (EFL) club suffered a significant ransomware attack, which crippled their corporate and security systems. They were asked to pay a 400-bitcoin ransom which they declined. The attack encrypted almost all the club’s end user devices, resulting in the loss of locally stored data. Several servers were also affected, leaving the club unable to use their corporate email. The stadium CCTV and turnstiles were non-operational, which almost resulted in a fixture cancellation. The attack vector remains unknown, but the initial infection was likely enabled by either a phishing email or remote access via the CCTV system. All systems at the stadium were connected to one network (VLAN). This meant that the infection spread across the estate quickly. The attack cost the club several hundred thousand pounds from lost income and remediation.
The report identifies three key trends as the biggest cyber threats to sporting organisations; however, these trends and risks are common across all industries.
Trend 1: Business Email Compromise (BEC): This is widely understood as THE biggest cyber threat, with 91% of all cyber attacks originating via email.
Trend 2: Cyber-enabled fraud: This often relies upon social engineering (normally phishing) to trick staff into making mistakes.
Trend 3: Ransomware: A type of malware that prevents you from accessing your computer (or data that is stored on your computer).
We aim to raise awareness of the dramatic increase in cyber-related attacks. For instance, the FBI has witnessed a 400% increase year-on-year in phishing attacks, and with 91% of all cyber attacks originating via email, this should be a key focus area for any organisation.
Our key message is that cyber crime is now a lucrative business. The world has changed in the past 24 months and as we become more digitalized, cyber attacks are becoming more frequent and sophisticated. Everyone should start considering, planning, implementing, and reviewing security measures and policies, to ensure they do not become the next victim of cyber crime.