In March 2018 FIFA confirmed that it had suffered a data breach. This is its second breach: it was hacked by one of Russia’s intelligence agencies last year, leading to the leak of a list of players who had failed drugs tests. According to reports, that leak originated through a phishing operation aimed at UEFA officials to obtain their login credentials.
Following the hack in March 2018, FIFA took several measures to improve its IT security, in order to protect employees and the data held by the organisation.
FIFA, rightly, condemns any attempts to compromise the confidentiality, integrity and availability of data in any organisation using unlawful practices.
However, these measures don’t reflect the scale of the breach, or provide assurances of the organisation’s cyber security programme. After all, in his announcement to the Associated Press, FIFA President Gianni Infantino said that
“…media outlets had been in touch about leaked information they had received.”
In other words, FIFA itself had not realised that it had suffered this second breach until the media got in touch. As far as public perception of its ability to protect its data and systems goes, an additional breach in such a short time span can only be described as an “Own Goal” and some “Shocking Defending”.
While many of us can appreciate Infantino’s perspective, the fact remains that there are effective tools and systems that organisations can employ to reduce the risks, such as encryption, password controls and permissions settings. These, combined with regular Cyber Awareness Training and Phishing tests, such as those delivered by Mirus and Webroot, can dramatically reduce the risk of a breach occurring in the first place.
Whatever the fallout from this breach is, FIFA needs to take a good look at its internal processes and systems in order to avoid breaches in the future. After all, this is the second time the organisation has suffered a high-profile breach. To be breached once is unfortunate, but to be breached two times in close succession is disastrous.
It’s clear that it’s time to change tactics and undertake measures to improve cyber defences with a ‘Solid Back 4’ made up of End User Training, Improved Internal Policies, Dark Web Monitoring and Encryption.
Do you know if your end user credentials could be putting you at risk?
A FREE Dark Web Scan from Mirus and ID Agent can tell you not only if you are at risk of a breach, but if you’ve already suffered a breach.
Request yours today.