On January 28, 15 NFL teams’ social media accounts – including both Super Bowl LIV contestants, the Kansas City Chiefs and San Francisco 49ers – began posting strange messages.
It was the work of OurMine, a Saudi hacker group, who not only gained access to the team accounts but to the main @NFL account as well.
This incident shined a spotlight on the issue of cybersecurity for teams and leagues, especially given the sheer amount of information that every franchise compiles – from player and fan data to opposing teams’ scouting reports.
“The whole cyber-hacking climate that’s out there, whether it’s somebody trying to hack into our system or just stealing our information and season ticket holder information, that would be awful if it got into the wrong hands,” Sergio Del Prado, the Padres’ senior vice president of corporate partnerships, said.
The issue does not just include threats from unknown hackers. In 2017, Major League Baseball Commissioner Rob Manfred handed down severe punishments to the St. Louis Cardinals for hacking into the Houston Astros’ database, this time with a stolen password.
St. Louis was forced to make a $2 million payment to Houston, send over its two highest picks in the 2017 draft, and place former scouting director Chris Correa – who was at the center of this investigation – on MLB’s permanently ineligible list, banning him from baseball.
When it comes to tackling cybersecurity concerns, collaboration can help eradicate the growing number of data hacks in pro sports.
OurMine’s hacking of the NFL’s Twitter accounts is just one instance of people coming together to cause disruption, said Christopher Robinson, a cyber threat analyst at Cyber Resilience Institute. While this has become the norm, he thinks that more sports properties need to follow suit and start a dialogue to inhibit future cyber attacks.
“All the adversaries are working together as organized teams and they are sharing information,” Robinson said. “They’re sharing code and payloads to attack the teams of the athletes, the sponsors and the fans. But on our defensive side, we need to work more in sharing information with each other team-wise to better know how each team is being attacked.”
Robinson also agrees that it’s imperative for more teams to break ground on cybersecurity partnerships. With the financial and healthcare industries dedicating significant resources to this area, there is no reason why it shouldn’t be happening in professional sports.
“It’s just inherently necessary, and we’re seeing that more and more with the social media hacks,” Robinson said. “At the end of the day, they impact the sports, the brands, the companies, the athletes involved, and even the cities. it’s just too big of an impact to ignore.”
The Padres have begun taking their own steps to protect the team’s data by signing a multi-year partnership with cyber protection company Acronis. The Padres will use the company’s products to secure its data, applications, and systems.
“We just want to make sure that all our info is secure. Not so much from other clubs – even though that’s a nice byproduct – but more importantly from some bad people out there who are trying to constantly hack into all the information they can tap into,” said Del Prado.
Del Prado expects more teams to sign cybersecurity deals.
Pat Hurley, Acronis’s vice president and general manager of the Americas, said that in the past three years, 93% of organizations have been the target of at least one cybersecurity attack – with sports being a prominent target.
“They’re big logos, they’re popular, and to get one of those in the news, I don’t think any hacker would be disappointed to see that their hack came in and deployed a ransomware attack on one of these organizations,” Hurley said.
The focus on these sorts of deals has also become an interesting sponsorship category – one that adds a beneficial off-the-field relationship as well, according to Troup Parkinson, the Red Sox’s executive vice president of partnerships.
“[Cybersecurity] is an interesting category – one that’s always been very relevant, maybe not as relevant on the sponsorship or partnership front. But that’s probably something you’re noticing now over the last few years. We’ve obviously always been very focused on cyber security, and I think probably the league is very much,” he said.