Written by Ferhat Dikbiyik
Additional Contributor Yavuz Han
Edited by Haley Williams

Black Kite Research Examines Country Sponsors for Third Party Risk Indicators

Large-scale sporting events have always been a risky business, even when robust security planning is done. Massive events, like the Olympics, require significant support from external contractors to be successful. In 2018, as the Winter Olympics opening ceremony was about to start, every domain controller in Seoul began shutting down, leaving the Olympics’ IT team with a sea of black screens, unresponsive WiFi, and a broken mobile application. One of their IT contractors had been compromised just 30 minutes prior to the global event’s kickoff, and it was too late to stop the attack.

The World Cup is an event that captures the attention and hearts of viewers and fans worldwide. It brings together countries, packs bars with curious onlookers, and brings attention to some of the world’s best athletes. With this event come hundreds of sponsorships, and each participating country has its own list of financial backers.

At Black Kite, we regularly study data and explore the effects third parties have on the organizations they work with. For this particular risk analysis, Black Kite Research utilized the power and scale of the Black Kite platform to analyze the current cyber posture of the 300+ sponsors and suppliers for the participating World Cup teams.

This interactive graph plots all countries and their average technical cyber rating vs. average ransomware susceptibility rating. Hover over each country for a summary and to see how many sponsors each one has.

Legend – Country Name: (Technical Cyber Rating, Ransomware Susceptibility Rating, # sponsors in that country)

Thinking about the scale and scope of this event, if a sponsor of one of these countries had a cyber incident during the World Cup, such an event could compromise the team’s home country. At the very least, it could give reputational risk a seat at the table for that sponsor and team.

Black Kite operationalizes non-intrusive, powerful scans that tap a vast data lake, accessing information on 34+ million companies to provide a technical rating (and further calculations). This technical rating is a weighted average of 20 risk categories mapping back to 290 controls with their proper MITRE classifications.

Overall Technical Cyber Rating

Overall, the 348 sponsors analyzed had an average technical rating of B, with 17% of companies having a C or lower technical rating. When broken down by country, we see that most countries had a B rating as well, with South Korea as an outlier (coming in at C+). To provide more context country-by-country, Black Kite Research broke each country into its own ecosystem for separate evaluation.

This interactive chart shows the average technical cyber, FAIR financial impact, compliance and ransomware susceptibility ratings for each country.
