Top European football clubs find themselves in the relegation zone for cybersecurity
Football and cyber security don’t often get mentioned in the same sentence, but with billions of pounds invested into the richest football leagues in the world, and football clubs possessing vast swathes of data, their valuation can be massively impacted following a data breach. Everything from sponsorship deals, personal player data, youth teams training plans, health and performance statistics, salaries of players and all club staff through to fan members’ personally identifiable information, the impact of a breach could be devastating for the club both financially and reputationally.
What do the standings look like?
SecureScorecard recently conducted research on three of the richest football leagues in Europe*, the English Premier League, German Bundesliga and Spain’s La Liga, assessing their security posture and comparing it to their football standing. To do this we looked closely at ten elements of the league’s security posture. These include: network security; DNS health; patching cadence; endpoint security; IP reputation; web application security; cubit score; hacker chatter; leaked credentials; social engineering.
Through doing so, we revealed an inverse relationship between the success of teams in sport, their digital exposure and resulting cyber risk. By analysing each team’s external digital footprint, we discovered that the top teams across the three leagues all find themselves languishing at the bottom of their respective tables as the larger the digital footprint, the lower their cyber risk score is. At the other end of the table, those teams with a smaller digital footprint find themselves topping the table and are ultimately viewed as being more secure.
Overall, Bundesliga came out on top in terms of security, being awarded with an ‘A’, which is impressive considering it actually has 3x the digital footprint exposure of the Premier League. La Liga’s digital footprint is the smallest. Nevertheless, across all three leagues the most common security issues were weak encryption and web application issues, followed by high severity patching issues and susceptibility to email spoofing.
Surprisingly, we also discovered that only one team in the Premier League would currently meet the requirements of GDPR and be classed as compliant, whilst none of the teams in either the Bundesliga or La Liga meet the legislation
The ongoing challenge
The biggest challenge still facing organisations, whether they are a football club or a financial institution, is the disconnect between the board level executives and the IT teams. With no common language for companies and their partners to communicate, understand, and improve their cyber security and cyber risk posture, we will forever be at this impasse. To develop the enterprise risk framework which all parties can understand when discussing cyber security and risk, there are three basic points that need to be considered:
- Build cyber security into the Enterprise Risk Frameworks and Regulatory Compliance
- Establish metrics to demonstrate program maturity and comparative benchmarking
- Build your business case around people, processes and technology to demonstrate ROI
A final note
Football is not just about the camaraderie of the players and turning up to play on match days. It is very much a business with multi-billion-pound deals and reputations on the line, all of which come under fire if they suffer a data breach. We’ve already seen FIFA and teams like West Ham, Real Madrid and Barcelona falling victim to breaches or their social media profiles being hacked. Overall, the findings show that being in the Champions League in sport does not mean football teams are Champions League level for cybersecurity. But it is also important to note that just like sport standings change every day, so do cyber standings.
source techradar
Industry: Cyber Security News
Latest Jobs
-
- Network & Security Consultant
- Spain
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred)for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Security Analyst - Internal role. London commutable. £50,000
- London
- £50,000
-
Security Analyst - Internal role. London commutable opportunity. Operational Security - Investigate, escalate and proactively work to ensure household name remains protected. Project Security - Coordinate, log change requests with project delivery teams to meet security requirements Policy / compliance - work with team to aid in uplifting these as and where needed This role is role to investigate, escalate and proactively work to protect a globally recognised brand. You must have current hands on operational analytical security experience with Microsoft technology stack Someone with a SOC Analyst / security engineering background would be well suited. This position will join a small team and would suit someone that has broad experience across the security threat landscape. Experience / knowledge across industry GRC standards such NIST, ISO27001 etc would be advantageous. You will work across multiple teams proactively working to secure the business. Must be able to commute to Central London 3 days a week. Visa sponsorship not available Apply today to find out more.
-
- Network & Security Consultant
- Romania
- €54000 plus benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.
-
- Network & Security Consultant
- Hungary
- Upto €54000 per year and benefits
-
Senior Network & Security Engineer to join a Managed Network & Security Team in Europe. In this critical role, you will: Play a pivotal role in managing and securing network infrastructure across datacenters, customer connections, and on-premise deployments. Proactively monitor network and security devices, analyse incidents, and implement solutions to ensure optimal performance and security. Collaborate with colleagues and customers to troubleshoot issues, troubleshoot outages, and implement effective resolutions. Lead and participate in network system installations for new facilities and expansions. Develop and maintain network infrastructure procedures, recommend technical strategies, and propose improvements to enhance network capabilities. Stay up-to-date on the latest network and security technologies and trends. Work as part of a collaborative international team, contributing to team presentations and knowledge sharing. To be successful, you'll need: Proven expertise in Cisco network solutions (CCNP R&S/Sec/Wireless preferred) for both BAU and project work. In-depth knowledge of network security principles and experience with Fortinet firewalls. Experience deploying and managing large, complex network infrastructure (routing, switching, wireless, security). Solid understanding of ITIL v3 framework for incident, change, and problem management. Excellent troubleshooting skills with experience using Wireshark or similar protocol analysers. Strong communication and teamwork skills, with the ability to work independently and collaborate effectively.