Cyber Attacks on the World Cup: Lessons Learned

As a child, I played soccer fervently. My father, a German immigrant to the U.S. who was very passionate about the sport, explained to me that there is no game that brings the world closer together. He further explained that this team sport could not be experienced alone as it needed to be enjoyed as a community and wove us all together in an inextricable way. To my father, soccer was a great equalizer among societies, people and investments. He felt that soccer taught us that rich countries didn’t always win and societal ranking was no guarantee of high status – soccer was meant to provide a shared worldwide experience to which we could all relate.

With an estimated viewing audience of over 3.2 billion globally (roughly 50 percent of the world’s population), not only does the 2014 World Cup provide that shared experience, it draws a large amount of viewers to television screens around the world and a fair amount of advertisers as well. Given all of this rich history and fervor, it’s no surprise that this makes a great venue for idealistic (and perhaps nefarious) actors, such as the hacking collective Group Anonymous, to solicit new recruits to their struggles.

Earlier this month, Brazilian government sites, sporting sites and advertisers of the World Cup were cautioned to be on high alert for potential cyber attacks. Anonymous’ goal is to disrupt the advertising spend of companies who shell out hundreds of millions of dollars to the Brazilian television network Globo for ads during this year’s World Cup. These major companies include Coca-Cola, Johnson & Johnson, Hyundai, Nestle and others.

Dubbed #OpWorldCup and #OpHackingCup, Anonymous launched a number of DDoS attacks against the official World Cup website, government websites of Brazil and websites of those who sponsored the month-long soccer match, all in retaliation for the estimated $11 billion that has been spent by Brazil in preparation for World Cup.

Threats of these attacks came to surface in February 2014. So, why were the actual attacks successful, and what are the lessons to be learned? I’m certain much will be written on the specifics of these attacks and how to tighten security around these evolving threats, however, there is one clear lesson already learned:

Anytime the entire planet’s attention is on a single event like the World Cup, the marketing and advertising departments of sponsoring companies spend tens of millions in sponsorship costs vying to reach as many people as possible. While they try to make a splash on the global stage, these groups need to understand they can accrue cyber-risk which can potentially destroy the ROI from an advertising spend and damage brand reputation due to hacktivism. Recent attacks by Anonymous show the need for brand managers and security teams to work together when preparing large global initiatives.

Just as a marketer uses message testing to understand how a campaign will impact specific demographics, he or she needs to consult with their security teams to assess the risk from a cyber-perspective.

Just as my father said, soccer is a team sport that cannot be experienced alone. Soccer weaves us all together in an inextricable way. In order to win this match against hactivism, advertisers and security teams need to get each player involved because their dollars and reputation are counting on it.

Carl Herberger is the Vice President of Security Solutions at Radware, a leader in application delivery and security solutions that assures the availability, performance, and resilience of business-critical applications for over 10,000 enterprises and carriers worldwide. A recognized information security expert, Herberger draws on his extensive information security background in both the private and public sectors. He began his career in the U.S. Air Force as a computer warfare specialist at the Pentagon and managed critical operational intelligence programs aiding both the National Security Council and Secretary of the Air Force. Herberger founded Allied InfoSecurity and held executive security positions at BarclayCard US, SunGard and Campbell Soup Co.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.