State of Play

Threat actors go where the targets are, capitalizing on opportunities to launch targeted or widespread, opportunistic attacks. This extends into high-profile sporting events, especially those in increasingly connected environments, introducing cyber risk for organizers, regional host facilities, and attendees. The United Kingdom’s National Cyber Security Centre (NCSC) found that cyberattacks against sports organizations are increasingly common, with 70 percent of those surveyed experiencing at least one attack per year, significantly higher than the average across businesses in the United Kingdom.

The pressure to deliver a smooth, safe experience on the world stage introduces new stakes for local hosts and facilities. A single misconfigured device, exposed password, or overlooked third party connection can lead to a data breach or successful intrusion.

Microsoft delivered cybersecurity support to critical infrastructure facilities during the FIFA World Cup Qatar 2022™. In this edition we offer first hand learnings about how threat actors assess and infiltrate these environments across venues, teams, and critical infrastructure around the event itself.