Seb Coe defends IAAF response to athlete data hack and shares insights from London 2012 cyber security plans
Lord Sebastian Coe highlighted the key to protecting an organisation from cyber security threats is to ensure a good relationship with all stakeholders and has defended the International Association of Athletics Federations’ (IAAF) response to a data breach earlier this year.
An assault perpetrated by the ‘Fancy Bears’ Russian hacking collective saw confidential athlete medical data put at risk and was a further hit to the IAAF’s reputation following a series of scandals.
Coe won London’s bid to host the 2012 Olympics and delivered by all accounts a successful games. He is now President of the IAAF, which is holding the World Athletics Championships in the UK capital this summer.
Sport and cyber security
He told the audience at Infosecurity Europe that “interesting organisations doing interesting things” would always be a target for cyber attacks, especially those with alleged links to nation states.
The IAAF, along with the International Paralympic Committee, was one of the few major sporting organisations to ban Russian athletes following an investigation into systematic doping. This took effect at the Rio 2016 Olympics and the ban is still in place.
“Our assumption was that as we were the only federation [to ban Russia] … we were [going to be a target],” he said. “You have to be very open at those moments and I apologised to the athletes. I think they’re entitled to believe that if you’re giving private information that it is to be protected.”
Coe said the response was “proactive” and that the IAAF’s security teams were continually updating their infrastructure and improving their methods ahead of the World Championships.
What is your biggest cybersecurity concern?
- Ransomware (28%)
- Humans / Social Engineering (27%)
- State sponsored hackers (14%)
- Malware (14%)
- Other (7%)
- Out of date tools (6%)
- DDoS (4%)
Cyber security was a key consideration at London 2012 where there were 212 million malicious attempts on the official website alone. However fears regarding cyber terrorism failed to materialise and only 77 of these instances required a human response.
Coe said the key to managing risk in such an environment was to have a good relationship with public sector and private sector stakeholders and acknowledge that sport was now a serious target for cyber criminals.
“In sport we’ve been subjected to the same type of cyberattacks that other organisations have been dealing with for some time,” he said. “It’s about making sure you understand attribution, the tools being used, the intent and the theatre that this information is going to be disseminated.”