When asked about Super Bowl XLI, most casual fans will remember the rain soaked classic in Miami that featured Peyton Manning leading the Indianapolis Colts to his first championship. But for those in the cyber-security industry, the game stood out for another, less-publicized reason.
Just days before kickoff, some of the Dolphins’ websites were found to be compromised by malware and were infecting users’ devices as well. Given the timing of the attack, the websites were receiving heavy traffic prior to the Super Bowl. The solution proved to be costly both in terms of time and dollars. Amit Ashbel is the Director of Product Marketing at Checkmarx, a company that seeks to help implement security features at the earliest stages of software development. We spoke to Ashbel about how the company, founded in 2006 shortly before the Dolphins’ hack, is working with developers to ensure that hackers don’t have a way to attack their software in similar ways in today’s even more technologically advanced times.
Get The Latest Sports Tech News In Your Inbox!
“While the software industry has been dealing with security risks for a couple of decades already, these new players are not always addressing security properly at first, thus leaving a fertile attack surface for attackers,” Ashbel said, referring to the growth of apps and software in sports and sports media. “Protecting the code at the initial design stage is probably the largest advantage an organization has over the hacker (access to the code itself).”
Given their recent boom in technological growth, sports and sports-related industries have proven to be a high-growth area for both cybersecurity and cybercrime. The distinguishing feature of the Checkmarx platform is their work at the earliest stages of the software development life cycle to embed security features at the very base level of programs.
“Awareness is rising but not fast enough. Many organizations figure out the need for security measures a bit too late and try to bolt security on to the existing solution rather than protecting the application across its lifecycle,” Ashbel explained. “Security is something that has to start at the design stage and continue all the way through production. Delivering an application with code vulnerabilities and later patching these vulnerabilities has proved itself to be expensive and less effective.”
That pattern of delivering vulnerable code and then having to implement costly fixes is what affected the Dolphins’ during their 2007 hack.
As sports and technology become more ingrained in our daily lives, more access can be gained to our sensitive personal data.These apps know more than just our bank account and personal info. They can know where we are, when we sleep, our favorite teams, our mother’s maiden name, the name of the street we grew up on and countless other things that could be powerful in the wrong hands. As users, we often accept the information requests and privacy claims of these websites, trusting that the developers have done their due diligence to ensure the security of our information. Checkmarx seeks to ensure that the very best security is in place in their clients’ software. They aim to protect our online security in ways we as end-users often don’t and, perhaps, can’t.
Online gambling and fantasy sports are examples of technological platforms that have access to our private financial data. Ashbel spoke on how these industries are working to combat cyber crime. “Online gambling is probably one of the most popular platforms for hackers. The reason for that is the potential access to cash. That said, these industries have taken significant steps to protect their assets and their user’s assets in order to protect and maintain business. Checkmarx has multiple customers in the field of online gambling that we cater to and help deliver applications which are built in a secure manner from the start.”
Private consumers aren’t always the target for these attacks either. More and more, we see teams and athletes themselves becoming the victim of these attacks. For example, earlier this summer, Circle Sport-Leavine Family Racing had its valuable NASCAR driver, course and car data taken hostage by ransomware and had to pay up to get their property back.
“These kinds of attacks are already happening and will become more prevalent in the near future,” said Ashbel. “Cyber espionage is popular across states and global superpowers such as the US, China, Russia and many others and in a competitive world I definitely see this trend leaking into the sporting business. Gaining information about tactics and player metrics can be very powerful for competing teams and very valuable for the person selling the data. Unfortunately, we are all living in a material world and the end game is no longer only prestige but also cash flow.”