Using Software-Defined Perimeters (SDP) to Protect the NBA Draft from Hackers

For the first time in history, the 2020 NFL Draft was held “virtually” this year. With the NFL, like the rest of the world, endeavoring to safely navigate the Coronavirus pandemic, the originally scheduled venue in Las Vegas was nixed in favor of having NFL teams make their selections from home via videoconferencing on April 23-25.

While the unconventional event successfully concluded with no major technology-related mishaps, Sports Illustrated (SI) called the unprecedented virtual setup “ripe to be hacked.” In his comprehensive SI article detailing the potential problems, Gary Gramling explained that as videoconferencing has become ubiquitous in the world of COVID-19, hackers are understandably exploiting its limitations.

If cybercrime exploits like phishing emails and Zoom hacks are on the rise in lower-stakes venues like schools and churches, just imagine the lure for hackers to find a way into “the combination of 1) a billion-dollar corporation 2) an unprecedented undertaking and 3) a cast of thousands of less-than-tech-savvy users,” wrote Gramling, who concluded that “Altogether, it means the NFL will, almost undoubtedly, be targeted.”

But here’s the thing: the NFL may have made it through the woods without a notable hacking incident upending the process, but the NBA Draft is up next. Currently scheduled for June 25 (although a pushback until at least August 1 looks imminent), the pending NBA Draft has industry insiders just as nervous as the NFL draft did. In late April, NBC Sports reported that Warriors coach Steve Kerr raised this concern in a recent podcast, discussing the matter with Seattle Seahawks coach Pete Carroll.

“Your computer guys probably have to make sure you’re protected, right?” Kerr asked Carroll in the podcast. “I wouldn’t put it past certain teams out there trying to hack their way into your system.”

Drew Shiller, writing for NBC Sports, noted, “And the Warriors (and their IT department) will be watching how it all unfolds.”

 

Why Virtual Drafts Can Create Field Days for Hackers

It’s not hard to find reasons why any high-stakes event with big money riding on it might turn out to be the hacking opportunity of the decade. In dissecting the issue before the NFL Draft took place, Gramling identified several reasons in SI:

  • “Intriguing new attack surface.” The speed at which the new remote systems for draft picks are being assembled is one part of the security problem. Sports Illustrated quoted Patrick Wardle, a former NSA hacker who is now principal security researcher at Jamf, an Apple device management solution, who explained the situation thusly: “Imagine my goal is to hack a team. There’s now a whole new remotely accessible system that was put together quite rapidly, which handles a lot of sensitive information. To me, that’s an intriguing new attack surface.”
  • Tech-unsavvy participants. Gramling also pointed out that some sports coaches not only aren’t up to speed with the latest technologies, but actively resist them. Others in the business, he noted, are simply infrequent users, and their lack of familiarity with platforms and programs makes these coaches more likely to make errors that expose the network to hackers.
  • Videoconferencing and other third-party vulnerabilities. Another reason why the NBA Draft, like the NFL Draft, is at risk of being hacked has to do with flaws in the various platforms that teams use to communicate about their choices when operating virtually. Gramling pinpointed vulnerabilities in Zoom, a videoconferencing platform that has proven especially easy for interlopers to exploit, as well as vulnerabilities in the platforms of third-party providers, for example providers of social media management and marketing services.

 

SDP Can Plug the Security Gaps

In the type of hybrid and multi-cloud environments that professional sports teams are using for online draft picks, a software-defined perimeter (SDP) approach may hold the key to thwarting would-be hackers. SDP creates “zero trust” security by using micro-tunnels, or micro-perimeters, that facilitate application-based segmentation instead of network-based segmentation.

How does this help foil hackers? By cutting down on the threat of lateral network attacks, through strong limits on remote-user network access. Third parties can only see the specific information they have been allowed by IT to access, without needing access control lists and firewall policies.
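The difference between network-based and application-based segmentation can be modeled in a few lines. The following is an added example, not code from this article or from any SDP product; the application names, addresses, identities and function names are all constructed for illustration. It reports which applications a remote account could reach through a subnet rule without ever having been granted them.

```python
import ipaddress

# Constructed inventory: three draft-related services on one flat server subnet.
APPS = {
    "draft-board": "10.20.0.10",
    "scouting-db": "10.20.0.11",
    "video-bridge": "10.20.0.12",
}

# Network-based segmentation (the "before"): remote users land in a VPN pool
# and one rule opens the whole server subnet to that pool.
NETWORK_ACL = [("10.99.0.0/24", "10.20.0.0/24")]  # (source CIDR, dest CIDR)

# Application-based segmentation: identity -> applications IT has granted.
# Anything not listed is denied, including identities that are unknown.
APP_GRANTS = {
    "coach@team.example": {"draft-board", "video-bridge"},
    "vendor@social.example": {"video-bridge"},  # third-party provider
}


def network_allows(src_ip: str, dst_ip: str) -> bool:
    """True if any subnet rule permits src_ip to reach dst_ip."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    return any(
        src in ipaddress.ip_network(s) and dst in ipaddress.ip_network(d)
        for s, d in NETWORK_ACL
    )


def sdp_allows(identity: str, app: str) -> bool:
    """Default-deny check: the identity must hold an explicit grant for app."""
    return app in APP_GRANTS.get(identity, set())


def lateral_exposure(identity: str, src_ip: str) -> list[str]:
    """Apps reachable through the subnet rule that the identity was never
    granted, i.e. where a stolen account could move sideways."""
    by_network = {a for a, ip in APPS.items() if network_allows(src_ip, ip)}
    by_grant = {a for a in APPS if sdp_allows(identity, a)}
    return sorted(by_network - by_grant)


if __name__ == "__main__":
    for who in APP_GRANTS:
        print(who, "->", lateral_exposure(who, "10.99.0.7"))
```

Under the subnet rule the third-party account can reach every service; under per-application grants it reaches only the one it was given, and an identity with no grant reaches nothing.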

You can think of SDP technology as a cloak of “invisibility,” with gateways communicating over UDP, the User Datagram Protocol. With just one UDP message channel connecting the gateways, there are no open ports, and no exposed surfaces ripe for attacks.

Whether it’s the NBA Draft or another virtual event involving the exchange of sensitive data, SDP technology can help ensure that only trusted users can access the application, with a secure perimeter around trusted users. Hackers will find gateways protected and their efforts thwarted, with the network’s attack surface minimized by SDP.

Don Boxley Jr