What The Cardinals And Astros Tell Us About The Future Of Cheating


Screen Shot 2015-07-17 at 7.44.22 AM

And you thought A-Rod and Tom Brady were bad….

The St. Louis Cardinals organization recently fired its scouting director amid allegations of hacking into the Houston Astros’ internal computer network. The hack gave the Cardinals access to sensitive data ranging from scouting reports to trade discussions. While this may be professional sports’ first foray into electronic corporate espionage, it certainly won’t be the last.

Admittedly, St. Louis’ team members would’ve unearthed serious advantages had they not been caught with their hands in the cookie jar: They could’ve taken advantage of trade talks to undercut a deal, supplemented their existing data with scouting reports from Houston’s files, or even stolen entire reports on certain players, driving the Astros to shift their resources toward scouting additional prospects.

Get The Latest Sports Tech News In Your Inbox!

Hacking allows teams to do twice the work using half the manpower. Given the growth of statistical analytics in sports and the increasing digitization of the world around us, an uptick in hacking actually makes a lot of sense.

According to ESPN’s rankings, the Astros are the second most analytics-driven team in the professional sports world. Access to their database — including their homegrown metrics, formulas, and analysis — would be a gold mine for any team looking for an edge.

The attack itself wasn’t particularly complex, and the Cardinals’ true motivation for cracking Houston’s systems remains unclear. However, with the wealth of information teams keep behind cyber walls, it’s only a matter of time before methods of espionage become more advanced.

How Teams Are Vulnerable to Hacking

Baseball teams want players who hack away in the batter’s box, not those who infiltrate their computer systems. To protect against future security breaches, sports teams should be aware of three types of attacks:

  • Social engineering: The least technical hacking method, social engineering simply involves tricking employees of a targeted company into breaking security protocols. For instance, a hacker could obtain the last four digits of an employee’s Social Security number and use them to gain access to the employee’s accounts, possibly doing so by calling the corporate help desk and pretending to be that worker.
  • Phishing: The most common method of cyberattack, phishing usually happens via email. The messages often look perfectly legitimate, but they include malicious links that either install malware on computers or direct recipients to fake websites that trick them into revealing confidential information.
  • Waterhole: This type of attack is less common, more technically sophisticated, and typically used to infiltrate companies with higher security standards. Waterhole attacks involve putting malware into the system of a smaller, less secure company that does business with the primary target company. Then, the hacker waits for an opportunity to infiltrate the systems of the target company when both businesses interact.

DLP isn’t a new league; it’s data loss prevention. How do you make sure your material doesn’t leave the ballpark?

Follow these steps to shore up your team’s data security:

  1. Encrypt Data

Encryption scrambles sensitive information into a language that unauthorized parties can’t translate. While it doesn’t necessarily prevent the data from being stolen, it does make the data impossible to interpret. This is a great tool that can protect virtually any type of information.

  1. Educate Employees

Smart hackers don’t target the tech wizards of an organization; they target average employees who aren’t well-versed on cybersecurity. This is why teams need to educate every member of their organization — from top to bottom — on best security practices like password diversity, recognition of malware, telltale signs of phishing scams, and more.

  1. Have a Crisis Plan

Teams should always be prepared for a data breach. There are countless scenarios: What if the chief security architect suddenly quits his job, or a disgruntled employee becomes an insider threat? These situations aren’t fun to imagine, but planning for a catastrophe can mitigate future devastation. Engaging in annual external security audits provides fresh, unbiased perspectives that help organizations identify defense gaps.

  1. Keep Up-to-Date

Hackers are tech-savvy, and they stay on top of the latest tools and techniques. It would be wise for teams to do the same with their security measures by making a substantial investment in their cyber infrastructures.

The professional sports world is no longer immune to the underhanded techniques we so commonly see in the rest of the business world. The Cardinals’ story is only the first of what I predict to be a long line of hacking incidents in the majors.

Whether protecting advanced metrics on prospects or insider talks on potential trades, all sports teams need to exercise extreme caution with their computer systems moving forward.

 

Daniel Riedel is the CEO of New Context, a systems architecture firm founded to optimize, secure, and scale enterprises. New Context provides systems automation, cloud orchestration, and data assurance through software solutions and consulting. Daniel has experience in engineering, operations, analytics, and product development. Previously, he founded a variety of ventures that worked with companies such as Disney, AT&T, and the National Science Foundation.