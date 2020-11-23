The Manchester United have been hit by a cyber-attack on their systems but it is not yet cleared if there is any breach of personal data for fans or customer. The club has informed the attack but added that forensic tracing is being carried out in an attempt to establish further detail about the attack.
Stuart Reed
November 23, 2020
UK DirectorOrange Cyberdefense
Manchester United has stated that the club has extensive protocols and procedures.
Large sports organisations are a prime target for cyber criminals. Earlier this year the National Cyber Security Centre’s urged the sector to tighten its cybersecurity after it revealed that at least 70% of institutions suffer a cyber incident every 12 months - more than double the average for UK businesses. All data has value to cyber criminals, and in a business as lucrative as Premier League football it is not surprising that the activity of wealthy clubs has piqued the interest of cyber criminals. Unsurprisingly, Manchester United has stated that the club has extensive protocols and procedures in place for such an event and had rehearsed for this eventuality. However, it is impossible to cover yourself against all threats in cyberspace, and that’s why a layered approach covering people, process and technology is essential to help minimise the risks. While details of this incident are unclear, since the outbreak of COVID-19 we have seen numerous examples of hackers capitalising on the crisis by using social engineering attacks to trick their way into corporate systems. Technical countermeasures against phishing attempts and detecting malicious activities are much more robust than they have been in the past. The human, on the other hand, is more complex and hard to predict in certain scenarios while easy to manipulate in others. Security awareness educates employees about manipulative techniques that might be used against them and also highlights the benefits of adapting their information security behaviour. Read Less
Companies need to improve their security hygiene.
Kudos to the cybersecurity experts at Manchester United Football Club for their quick and decisive response to a reportedly sophisticated cyber attack on their network. All companies and organisations in the public and private sector should heed this warning. You will be attacked and suffer material loss from well funded hacking groups and/or motivated individuals looking to profit or make political statements off your brand by stealing data, encrypting your files and demanding ransom and causing your company to be singled out in the headlines. But there are steps companies can take as defenders to reverse the adversary advantage and to start making cybercrime less profitable. First, companies need to improve their security hygiene and they need all employees adhere to internal security guidelines and protocols. Secondly, companies need to deploy around the clock threat hunting capabilities. They also need to deploy newer anti-ransomware software and advanced detection and response software (XDR) in order to be able to detect in real time when malicious behaviour is occurring inside their network. Too often, cyber criminals penetrate a network and then steal credentials and essentially impersonate employees that have been authorized and unbeknownst to them they are stealing proprietary data for weeks or months completely undetected. To all companies set your 2021 goals now to reduce risk by improving your ability to root out malicious behavior before it is too late and you suffer a material breach. Read Less