Security Beyond the Field
How venues can defend themselves from cybercrime during events
- By Chris Calvert
- Jun 01, 2019
As you walk into a venue to cheer on your favorite
team, or see a favorite singer or show, it’s likely that
one of the last things on your mind is the potential
for a cyber attack. At any stadium or venue, fans can
often see the presence of security cameras or police
officers on the lookout for suspicious behavior, but what’s going on
behind the scenes to protect a venue’s IT infrastructure?
We know cyber attacks are penetrating every industry—from
finance and banking to travel and hospitality. And, as businesses
increasingly interact with their customers through technology, the
amount of data generated via online transactions, social profiles,
etc., will continue to grow, providing hackers more opportunity to
get ahold of valuable data and create massive disruption.
The threat of cyber attacks has long been on the minds of government
organizations and businesses, but large-scale events and venues
need to be wary of the threats that can infiltrate every layer of
technology during a live sporting event, concert or conference. The
technology that is required to keep 100,000 fans streaming videos or
sharing the live action is becoming more connected, making these
spaces even more vulnerable and valuable to attackers. Beyond the
risk of digital disruption are all the ways that a cyber attacker can
threaten the public safety of the event. The Jumbotron or the sound
system are both critical systems and they could be used to cause panic
in a crowd.
The Changing Landscape of Cyberattacks
At this point, it feels like a new data breach makes headlines on a
weekly basis. In 2018 alone, a number of well-known companies
publicly disclosed data breaches. Marriott, for instance, reported 8.6
million payment cards were involved in a breach to its reservation database.
British Airways announced more than 380,000 card payments
on its website had been compromised, and social media giant Facebook
announced the data of over 50 million users was compromised in an
attack that affected user accounts.
No company today is completely safe from potential attacks—the
threat landscape has been evolving to become more aggressive and
intelligent, meaning businesses must have the right technology and people in place to protect themselves against potential threats. Adding
to the complex nature of today’s threat landscape, businesses are
also evolving to focus on more digital services and offerings, meaning
there’s ample opportunity for hackers to infiltrate a company’s IT infrastructure and get ahold of critical business and user information.
As we continue to see large consumer-facing brands in the headlines,
how can venues avoid becoming the next major target for cybercriminals?
Venues—The Next Big Cyber Target?
Large venues, conference centers and arenas offer ample opportunity
for hackers to get ahold of data. The Mercedes-Benz Stadium, the
host of the 2018 Super Bowl, can accommodate up to 71,000 fans.
The Indianapolis Motor Speedway, the largest sports venue in the
United States, can accommodate up to 257,000 people. With capacities
this large, venues automatically provide plenty of opportunities
for hackers to take advantage of the data fans bring into stadiums
and the technology that keeps an event running smoothly.
Going beyond the digital devices fans bring to an event, venues
have a vast environment of IT networking equipment behind the
scenes that is vulnerable to an attack. Venues have infrastructure in
place to ensure smooth and safe operations.
For instance, industrial control systems, streaming technologies
and communications mechanisms for public safety and crowd control
are just a few examples of the types of capabilities that require complex
IT infrastructure, and these systems are all managed by teams of
IT personnel who often go unnoticed by fans during events. On top
of ensuring live events run smoothly for fans, both inside and outside
of a venue, IT teams must ensure their infrastructure is working efficiently
and effectively to reduce the risks to public safety.
This is a big task for IT teams that are often limited in size and
resources, meaning it’s critical that they have the right cyber infrastructure
and resources in place to ensure smooth and safe operations
for guests. In January, the 2019 College Football Playoff National
Championship saw more than 240,000 events generated in the two-day
period surrounding the game. This is a huge volume of events
to manage, and to put it into perspective, it would likely take 125
trained analysts to investigate this number of events within this timeframe—
yet most venues don’t have the luxury of having teams of this
size. To overcome this challenge, it’s important for venues to consider
augmenting human capability with the right tools to meet today’s
cyber infrastructure needs.
As cyberattacks continue to become more prevalent, impactful
and damaging, venues—like other businesses—cannot afford to
stand on the sidelines of cyber modernization; they must take steps
now to prevent potential threats from making an impact in the future.
The following are three considerations for prepping a venue for
the future of cybercrime.
Combine the Best of Human Judgement with the Scale and Flexibility of Technology
More likely than not, the threat landscape will continue to grow in
complexity and expand its impact, yet venues, like other organizations,
struggle to find the talent needed to thwart threats. In fact,
according to (ISC)2, organizations globally are facing a shortage of
almost 3 million cybersecurity professionals.
As IT teams continue to be stretched for resources and talent, venues
must look to combine the abilities of human insight and decision-making
with the depth of analysis that technology provides. IT teams
today don’t have the luxury of excess time to hire, train and retain the
analysts they need, plus the old ways of building SOCs are outdated,
expensive and time-consuming.
Teams today need modern systems that can handle the large
amount of data sources and help to automate the decision-making
process to free up analyst time and help security teams operate at a
more effective level. This means investing in tools that go beyond providing
alerts to providing the context needed to help analysts spend
time on the situations that truly matter. For example, platforms that
use mathematical models, like Bayesian inference, an approach that
focuses on making decisions under uncertainty, can better inform
decision-making and prevent mistakes. This approach embeds expertise
and provides analysts with a deeper, more accurate understanding of
the relationships between the variables to better diagnose threats and
better position themselves within their organization.
Understand the Environment and Focus on the Data that Matters
With the right combination of people and technology in place, security
teams are positioned to be more efficient and accurate, but they
must first determine what’s most important to the organization. As
the number of security sensors and data types continues to expand,
security teams can easily get overwhelmed by the data that needs to
be monitored and analyzed.
As a first step, teams must identify and prioritize the venue’s
critical data sources to determine what’s most important and impactful
for ensuring security events are mitigated before they cause damage.
For example, endpoint protection, network intrusion detection
and web proxy/filtering are three critical data sources to consider for
frontline monitoring.
It is also important to go beyond the data and understand the
environment that needs monitoring. Critical and high-value assets,
such as IT infrastructure, communications systems and public safety
systems, should be prioritized and analyzed in context to ensure security
teams can make accurate escalation decisions if and when an
event occurs.
Critical and high-value accounts, such as IT administration accounts,
executives and other high-level privileges, as well as external
intelligence like geo-location data, should also be taken into consideration
when analyzing a venue’s security environment.
Once the data that matters most is identified, teams can more accurately
establish network security procedures, and begin to develop
an incident response plan that is designed to best secure a venue and
its visitors.
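As an added illustration (not code from the article or from any product it alludes to), the sketch below applies the Bayesian inference mentioned in the previous section to the three frontline data sources and the account and geo-location context named above. The signal names, likelihood values and sample events are constructed assumptions, and the signals are treated as conditionally independent (naive Bayes).

```python
# Added example: Bayesian triage of security events. All numbers are constructed.
# Each signal maps to (P(fires | malicious), P(fires | benign)); these are
# illustrative assumptions, not measurements from any venue or product.
LIKELIHOODS = {
    "endpoint_detection": (0.60, 0.02),   # endpoint protection alert
    "nids_signature":     (0.50, 0.05),   # network intrusion detection hit
    "proxy_block":        (0.40, 0.10),   # web proxy/filter block
    "privileged_account": (0.30, 0.05),   # IT admin or executive account involved
    "unusual_geo":        (0.35, 0.03),   # geo-location outside the normal pattern
}

def posterior(prior, fired):
    """P(malicious | evidence) via the odds form of Bayes' rule.

    Signals are assumed conditionally independent (naive Bayes). A signal
    that did not fire also counts as evidence, pulling the odds down.
    """
    odds = prior / (1.0 - prior)
    for name, (p_mal, p_ben) in LIKELIHOODS.items():
        if name in fired:
            odds *= p_mal / p_ben
        else:
            odds *= (1.0 - p_mal) / (1.0 - p_ben)
    return odds / (1.0 + odds)

def triage(events, prior=0.001, threshold=0.05):
    """Return (event id, posterior) pairs worth an analyst's time, highest first."""
    scored = [(e["id"], posterior(prior, e["signals"])) for e in events]
    return sorted((s for s in scored if s[1] >= threshold), key=lambda s: -s[1])

# Constructed sample events: the set of signals that fired for each one.
EVENTS = [
    {"id": "evt-1", "signals": {"proxy_block"}},
    {"id": "evt-2", "signals": {"endpoint_detection", "nids_signature",
                                "privileged_account", "unusual_geo"}},
    {"id": "evt-3", "signals": {"endpoint_detection", "nids_signature"}},
]

if __name__ == "__main__":
    for event_id, p in triage(EVENTS):
        print(f"{event_id}: P(malicious) = {p:.3f}")
```

With a prior of 1 in 1,000, a lone proxy block stays near zero, while corroboration across sensors on a privileged account pushes the posterior above 0.9.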
Boost Collaboration Between All Security Stakeholders
Technology integrations can only be successful when venues ensure
they are bolstering collaboration between all stakeholders, including
IT and security teams, operations and law enforcement officials. Like
other large businesses, the scale of operations at venues can be complex
and fast moving, meaning teams must be tightly organized and
able to react to quickly changing environments on short notice.
With the right technology on standby to gather, analyze and alert
analysts, venues must involve all security stakeholders early on to ensure
alerts can be acted on when necessary, especially when public
safety is at stake. Security analysts must work quickly and be in sync
with security and law enforcement teams to prevent potential harm
to venue guests.
It is only a matter of time before a major cyberattack affects a
large event somewhere in the United States, so venues must be prepared
to act quickly and effectively before large-scale disruption,
revenue loss or harm occurs. Only when the best
capabilities of both human team members and
technology are combined, will venues be better
able to respond to threats and prevent them from
making an impact in the first place.
This article originally appeared in the May/June 2019 issue of Security Today.