Cybersecurity and the World Cup

by | Jun 22, 2018 | Cybersecurity | 0 comments

From easily guessed passwords to phishing scams to unwittingly spreading malware, “Cybersecurity has become a growing concern in sports leagues and players’ associations around the world in the wake of several data breaches and unrelenting waves of hacking attempts.”


Venues, teams, leagues, athletes, and fans are often more at risk than they realize. “The most common cyberthreats to sports venues currently include attacks against IT systems and ticket operations — but in the future may include devices that would affect the integrity of the game itself.”


For example, “during the 2014 FIFA World Cup held in Brazil, there was a drastic increase in malicious cyber activity. In a period of 30 days, starting three weeks before the tournament and through its first week, more than 90,000 attacks were launched against related organizations.”


In preparation for the 2018 World Cup in Russia, England players have been briefed on cybersecurity concerns and advised to not use hotel or public wi-fi while in Russia during the 2018 World Cup, noting that using freely provided wi-fi can open “sensitive information such as injury, squad selection and tactical details” to exposure.


“For most sporting leagues, their information in many ways is their currency,” but data is the real currency of any corporation. And though sporting leagues and franchises may be struggling to improve their security and protect their data, we can learn from their approach to the game itself how to improve any company’s cybersecurity.


As Deloitte stated in 2015, “Cybersecurity is a team sport.” Looking at a team sport, we can see how this is still true.


As the 2018 World Cup Argentina-Iceland game reminded us: if your opponent can’t score, they can’t win. Even one-on-one against the renown Messi, Iceland’s keeper was able to block the shot and keep the game at an even score. What made this team emerge from a match still holding their own against one of the superpowers of soccer was “the fact that it is a well-organized, well-drilled side, made up of hard-working, disciplined,” in short: it’s a good team.  Everyone played their part. Everyone worked together.

And as far as their defense, they seemed to keep to the basic rules: apply pressure, use coverage (always be more than one person deep), maintain balance, keep compact, and use control and restraint. The same rules and the same path to success could easily be applied to cybersecurity:


  1. Apply Pressure: Stay on top of training and current protocols as well as consistently practice best cybersecurity practices. There is no slacking.
  2. Use coverage: Have multiple lines of defense that effectively communicate with each other. Make sure everyone is keeping ‘their eye on the ball’ (here meaning: cybersecurity).
  3. Maintain balance: A team is constantly adjusting to the attack coming at them, fill the holes, figure out where you need training, new tools, or new team members. Don’t use all your assets in one area leaving other areas exposed or vulnerable.
  4. Keep Compact: In keeping compact, the holes naturally close and communication is easier. In cybersecurity, it also keeps the target smaller, harder to reach, and gives the attacker less time and opportunity during an attack. Be aware of what data you are holding, where you are holding it, and how it is being protected.
  5. Use Control and Restraint: Within soccer, this is simply the opposite of being poorly timed and unbalanced. In cybersecurity, it’s remembering that if it sounds too good to be true it probably is and resisting the temptation of free wifi, links from unknown sources, and staying aware of other potential phishing attacks.



If you didn’t get to watch the 2018 Iceland-Argentina World Cup game, you missed one of potentially the greatest World Cup games in history. Even though the game ended in a draw, in truth, a small country upset a superpower of the sport by maintaining a strong defense. That draw and their attention to defense is a wonderful example of how soccer (or futball) is very much like cybersecurity: it takes a team with a good strategy working effective defense to keep an organization safely in play. And in cybersecurity, if you can keep your opponent from gaining access (scoring), you have won.


What is your strategy? How well are your team members trained? How well do you work as a team?