Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know.

6 Cybersecurity Headaches That Sports Organizations Have to Worry About

Leaders in professional athletics lament the realities and risks of growth in connected stadium environments, social networks, and legalized gambling.

4 Min Read
Fans at a baseball game at Dodger Stadium in Los Angeles use their cellphones
Source: Robert Landau via Alamy Stock Photo

Professional sporting events have long been prime targets for violent attacks and terrorism, given their vast audiences. In recent years, these events have become targets of cyberattacks as adversaries exploit venue operations to disrupt events, abuse payment systems for fraud, breach networks to steal data, and take advantage of how athletes interact with fans.

While game time is pivotal, sports franchise operators and event organizers must also allocate resources to address many other vulnerabilities, including a growing and increasingly fragmented ecosystem of stakeholders like broadcast and streaming partners, ticket distributors, and legalized gambling platforms.

"We've done pretty well so far," said Betsy Cooper, director of the Aspen Institute tech policy hub, during a panel at the 2024 Aspen Cyber Summit in Washington, DC. Despite the expanded threat, operators of major franchises, leagues, and international events (such as the Olympic Games in Paris) believe their proactiveness has prevented devastating events that other industries have faced.

1. Athletes Need More Training

Athletes are increasingly relying on social media and technology platforms to engage with fans and develop their brand.

"I represent a lot of athletes, and a lot of them depend heavily on social media to build their brand and build their audience," said Jaia Thomas — founder of Diverse Representation, a group of African American agents, attorneys, managers, PR reps, and financial advisers for athletes and entertainers — during the panel discussion. "A lot of mistakes happen along the way, and they're not always the most tech-savvy people."

These athletes are also young and may be unaware that using these platforms exposes them to potential ransomware attacks or increased risks of being doxxed.

"You're talking about kids, for the most part, that make up these teams, and the education piece needs to be strengthened," said Eric Tysarczyk, senior vice president of the National Hockey League, during the panel.

2. Event Attendees Are Vulnerable

Now that most events only accept e-tickets, almost all attendees have phones with them. The NHL says fans need to take precautions with their mobile devices.

"Imagine if everyone that was in that arena is walking around with all their personal data taped to their back on a piece of paper, and how attractive that arena would be to a malicious actor to get in and just start cultivating all that data," Tysarczyk said.

3. Partnerships Are Critical for Major Events

Reynold Hoover, CEO of Los Angeles 2028 Olympic & Paralympic Games, told panel attendees that one of the reasons there were no disruptive cyberattacks during the Summer Olympics in Paris was due to information sharing across law enforcement and partners. The most notable activity leading up to the games was influence campaigns waged by Russian threat actors.

"The Russians were very active in Paris, trying to disrupt," said Hoover, a former Army and National Guard lieutenant general with a background in military intelligence.

The Los Angeles Olympic Games in 2028 is expected to draw as many as 15 million visitors, 15,000 athletes, and 25,000 broadcasters across 800 different sporting events. Hoover said the committee is preparing for threat actors ranging from "goobers in their basements trying to do something stupid, all the way to nation-state actors."

The Los Angeles 2028 committee has partnered with the Department of Homeland Security, the Cybersecurity and Infrastructure Security Agency, and the Federal Communications Commission, among other US agencies.

"We cannot do it alone," Hoover said. "It requires a public-private partnership and open and honest information sharing."

4. New Streaming Models Create New Challenges

As all the major leagues expand their broadcast distribution rights to streaming providers, they can reach new audiences and gain new revenues. However, an attack that even briefly interrupts a broadcast could be costly in terms of lost advertising revenue, Tysarczyk said.

"We're putting a lot of faith in those third-party operating techniques and what their cyber protections are," he said.

Further, now that sports gambling is now legal in 38 US states, including Washington, DC, and Puerto Rico, stealing data is more lucrative for threat actors than ever. Non-public information, including health records and other proprietary statistics, is especially valuable.

"[It's] the data that people use to develop trends and see where the wagers go and things like that," Tysarczyk said.

6. Expanded Partnerships Require Advanced Data Protection

A broader ecosystem that shares increasing amounts of data needs to ensure that information is air-gapped, which was the focus in Paris this summer, Hoover said.

"It really requires a partnership effort, and it was an all-hands-on-deck effort in Paris to defend the networks," he said. "It's a closed network, and so we are very concerned about the integrity of the sport, the safety of our athletes, and the safety of our fans that attend, and making sure that we can protect the data, keep that inbound, and the right people are getting the right data."

About the Author

Jeffrey Schwartz, Contributing Writer

Jeffrey Schwartz is a journalist who has covered information security and all forms of business and enterprise IT, including client computing, data center and cloud infrastructure, and application development for more than 30 years. Jeff is a regular contributor to Channel Futures. Previously, he was editor-in-chief of Redmond magazine and contributed to its sister titles Redmond Channel Partner, Application Development Trends, and Virtualization Review. Earlier, he held editorial roles with CommunicationsWeek, InternetWeek, and VARBusiness. Jeff is based in the New York City suburb of Long Island.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights