Cyber attack on Man United: what can other clubs learn from its defence? Comment from Netwrix
November 2020 by Ilia Sotnikov, a VP at Netwrix
Manchester United F.C. has reported that its systems suffered from a ‘sophisticated’ cyber-attack last week, which luckily did not result in “any breach of personal data associated with our fans and customers”.
Data security expert Ilia Sotnikov, a VP at Netwrix, has made the following analysis on what other clubs can learn from Manchester United’s response:
“Organisations from every sector should learn from Manchester United’s approach to cybersecurity. It’s virtually impossible to achieve 100% protection from potential hacks today. Instead, you should be focusing your resources on responding to attacks – areas like business continuity, managing the risk to an acceptable level, and being prepared to execute on incident response.
“While there’s not much detail yet about the attack on Manchester United’s systems, there’s a few specific takeaways from the Team’s response already:
Manchester United could contain the attack at an early stage as they would have had an up-to-date incident response plan that they rehearsed regularly, so that the team knows what to do when they need to act quickly.
Despite the break-in, Manchester United says there is no sign of customer data compromise, and the systems critical for the upcoming matches are unaffected. To know this so quickly after an attack means the organisations knows what data and which assets are most critical to the business and are prioritising their security efforts correctly.
The importance of planning your communications in case of attack to protect your customers and your brand cannot be understated. Manchester United has shown proactive communications, informing both the ICO and the general public to prevent the rumour mill, and address possible concerns among fans especially with a match looming – which is admirable when so many organisations are taking weeks, if not months, to detect and report attacks.”