Although my team isn’t playing in the tournament, and I’m really not much of a basketball fan, I do realize we’re in the midst of March Madness. I suspect I will be like millions of others who will log on to sports sites to check the scores and watch for upsets. I know I won’t be watching any of the games online, but I’m not like the millions who plan to stream at least part of the Thursday and Friday games on their work devices.
At this time of the year, there is usually a lot of discussion about the toll the tournament takes on networks. We know that all of the streaming video and constant score updates eat up a lot of bandwidth that slows down production and actual work-related transmissions. But does it also pose security concerns?
According to TEKsystems, 47 percent of IT staff worries that the network will be at a greater risk because of all the March Madness online activities – with many of them done without permission or against company rules. Indeed, security needs could strain IT departments this week. In an email to me, Mark Parker, senior product manager at iSheriff, listed a few security risks that companies and basketball fans need to be aware of:
- SEO poisoning has skewed the results of March Madness related searches so effectively that links to malware-infected pages were on the first page of search results of every major search engine.
- Thousands of drive-by and download-and-install malware infections from March Madness-related sites, both legitimate and spoofed.
- Phishing attacks targeting users following their March Madness brackets on popular sites such as ESPN and Yahoo.
- Malware masquerading as video players that will allow the user to stream the games.
- Links posted in forums, comments and social media that promise March Madness info or streams, but only direct the user to an infected site.
- A large influx of fake betting sites used to grift the credit card info of unsuspecting users.
Parker also described to me how the hackers consider their targets:
As with anything popular, criminals and ne’er-do-wells are drawn to an easy-to-exploit opportunity. Just as pickpockets target frequently visited locations that provide a target-rich environment, so do the online criminals behind malware. Predators hang out near the watering holes that draw the prey, because it is easier than hunting the prey outright. March Madness provides that easy-to-access watering hole for online criminals.
Today is the time to start preparing employees and networks for the onslaught coming later in the week. If you wait until Thursday to warn people of the security risks, you might be too late.
And since my own team won’t be playing until next November, I’m rooting for a never-done-before Sixteen Seed upset over a Number One. If that actually happens, heaven help the Internet!
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom’s Guide. You can reach Sue via Twitter: @sueporemba