Arsenal Football Club is seeing an increase in hackers attempting to exploit the global crisis, according to the club’s IT director Christelle Heikkila.
Heikkila, who was speaking on a panel as part of the Acronis cyber protection virtual conference called ‘Backup is Dead’, told viewers that the club was seeing a particular increase in phishing and smishing – which is the fraudulent practice of sending text messages pretending to be from reputable companies in order for individuals to give up personal information. She said:
The challenge is that people are worried about some very serious things; their children and their health. So we have to be very careful that when we give advice around how to keep safe from a cyber security perspective, that we adopt the right tone in our communications right now.
Arsenal isn’t the only football club or organisation under threat; there has been a huge number of reports about an increase in cyber-related crime since the beginning of the coronavirus pandemic.
Combatting threats requires ‘cyber culture’
User awareness plays a particularly big part, and Heikkila believes that while it’s difficult to get the right individuals that have the technical, policy and training skills for cyber security, it is important for her organisation – and others - to be switched on to cyber threats as a whole. She said:
What I say to my team in my IT department is that everyone has a role to play in cyber security, so it’s not just about a lot of responsibility for one or two people. That means anything from a service desk employee who is responsible for doing inductions to new joiners and ensuring they’re cyber aware, to software engineers who have to make sure they’re security-first when they’re developing their systems.
According to Heikkila, patching is incredibly important, and never more so than right now. In general, however, she says that it is far more difficult for Arsenal to keep up with patching than a retail business. This is because the club doesn’t just operate on the pitch or as a stadium, it is an e-commerce retailer, bricks and mortar retailer, charity and ticketing business, all of which have different demands at different times.
This is made even more challenging with fixtures constantly being rescheduled. She said:
The key for me is how we can manage that complexity, and for me it’s about having a very open and direct communication channel with the system owners in particular. By doing this, they understand why you’re patching and the importance of it and they are then proactively helping you find those windows of opportunities, making sure they’re involved in testing, pre-patching and post-patching.
Communication is one part of the solution – sometimes her team have to be creative about instilling a cyber aware culture into the organisation rather than merely preaching about cyber security all of the time.
According to Gaidar Magdanurov, chief cyber officer at Acronis, this is an issue that many CIOs, CISOs and CTOs have to contend with, particularly in keeping up with vulnerabilities. He said:
In my practice, I don’t come across a lot of CTOs who take [vulnerabilities] seriously. So whenever I have a conversation with a CTO about a vulnerability checklist and when they last used it, their faces turn red; they know they need to do it, they accept the fact it needs to be maintained at least, yet due to the pressure they’re under they don’t get to it.
Magdanurov suggested that CTOs should use gamification with their IT teams in order to make a game out of this security checklist, and continually update it. This would make it seem like less of a chore to the employees, and ultimately keep the organisation secure.
Zero-day vulnerabilities and ransomware
Organisations are still likely to have some vulnerabilities that can be exploited by criminals, and managing known vulnerabilities is therefore very different to zero-day vulnerabilities. According to Heikkila, Arsenal FC does everything it can to deal with known vulnerabilities, but she acknowledged that zero-day threats can catch organisations out. She said:
It’s important not to become complacent and think ‘oh you’re fine because you’ve got some anti-virus software’. People shouldn’t be complacent and they should know they could be a victim of some malware that hasn’t been detected and it’s important to have a plan of how to respond.
Meanwhile, Heikkila sees ransomware as an economic threat, but more importantly warned that there could be serious consequences for health and society as a whole if it happened at a hospital during the pandemic. Just last week, Interpol said it had detected a significant increase in the number of attempted ransomware attacks against key organisations.
According to Europol, the European Union Agency for Law Enforcement Cooperation, criminals using ransomware have seemingly “intensified their activities” since the Covid-19 pandemic began, while criminals were also shortening the period between infecting an organisation with ransomware and requesting a ransom.
Research from CyberEdge has shown that the number of ransomware attacks and the percentage of attacks that have resulted in payment have increased every year since 2017.
Heikkila believes there needs to be more openness from business leaders on how they would tackle ransomware. She said:
I think it’s something that businesses should talk about – detailing what their approach would be in the event they were facing a ransomware attack.
Perhaps by doing so, businesses could better deal with a ransomware attack and this would deter criminals from attempting them in the first place.