Black Kite Research Examines Country Sponsors for Third Party Risk Indicators

Large-scale sporting events have always been a risky business, even when robust security planning is done. Massive events, like the Olympics, require significant support from external contractors to be successful. In 2018, as the Winter Olympics opening ceremony was about to start, every domain controller in Seoul began shutting down, leaving the Olympics’ IT team with a sea of black screens, unresponsive WiFi, and a broken mobile application. One of their IT contractors had been compromised just 30 minutes prior to the global event’s kick off and it was too late to stop the attack.

The World Cup is an event that captures the attention and hearts of viewers and fans worldwide. It brings together countries, packs bars with curious onlookers, and brings attention to some of the world’s best athletes. With this event comes hundreds of sponsorships, and each participating country has their own list of financial backers.

At Black Kite, we regularly study data and explore the effects third parties have on the organizations they work with. For this particular risk analysis, Black Kite Research utilized the power and scale of the Black Kite platform to analyze the current cyber posture of the 300+ sponsors and suppliers for the participating World Cup teams.

This interactive graph plots all countries and their average technical cyber rating vs. average ransomware susceptibility rating. Hover over each country for a summary and to see how many sponsors each one has.

Legend – Country Name: (Technical Cyber Rating, Ransomware Susceptibility Rating, # sponsors in that country)

Thinking about the scale and scope of this event, if a sponsor of one of these countries had a cyber incident during the World Cup, such an event could compromise the team’s home country. At the very least, it could give reputational risk a seat at the table for that sponsor and team.

Black Kite operationalizes non-intrusive, powerful scans that tap a vast data lake, accessing information on 34+ million companies to provide a technical rating (and further calculations.) This technical rating is a weighted average of 20 risk categories mapping back to 290 controls with their proper MITRE classifications.

Overall Technical Cyber Rating

Overall, the 348 sponsors analyzed had an average technical rating of a B, with 17% of companies having a C or lower technical rating. When broken down into countries, we see that most countries had an B-rating as well, with South Korea as an outlier (coming in at C+). To provide more context country-by-country, Black Kite Research broke each country into its own ecosystem for separate evaluation.

This interactive chart shows the average technical cyber, FAIR financial impact, compliance and ransomware susceptibility ratings for each country.

World Cup Sponsor Avg v3

The analyzed companies had 2.8K failed critical findings overall, and 22K failed high alert findings. Critical vulnerabilities have a MITRE CWSS or CVSS score above a 7.5 and are categorized as high-priority issues that an organization should look into immediately.

What is going on with South Korea?

While a C+ isn’t far off from a B-, we decided it would still be beneficial to see what leads to having a C rating in the platform. If we look into this country’s sponsor supply chain, we can see that they have 12 sponsors. Within these 12 companies, six have C-ratings and one has a D-rating, contributing to the overall country grade.

The majority of the companies with low ratings also have particular alerts for Focus Tags™. FocusTags™ were built to identify vendors within an ecosystem that have experienced a recent high-profile cyber event or have IT assets in countries like China, Russia, and the Ukraine. Below are a few examples of sponsor companies in South Korea that are associated with various cyber events and assets.

What About Ransomware Risk?

Ransomware is still one of the most common threats organizations face. In order to alert companies and their third parties to potential ransomware attacks, Black Kite’s Ransomware Susceptibility Index® provides not only a susceptibility rating but also a list of critical vulnerabilities that are likely to be exploited for ransom.

The average RSI™ rating across all 348 organizations is 0.26. While this is considered a low rating overall, 15 companies have a rating above 0.6, indicating high susceptibility to a ransomware attack. Of the 15 companies, 3 are Polish sponsors and 2 are Tunisian sponsors, putting those countries and teams at greater risk of an attack.

The highest reported RSI™ rating is a 0.89 and it belongs to a manufacturing company (Company X) that sponsors the Polish team. They have F-ratings in Patch Management, Application Security and Credential Management and show 54 ransomware-specific vulnerabilities, including:

  • Software Patching Issues
  • Leaked Credentials
  • Publicly-Visible Critical Ports
  • Poor Email Configuration
  • Fraudulent Domains

This image shows the current cyber posture of Company X:

With so many people descending on Qatar for the World Cup, the event itself is at risk for a wealth of potential threats. The World Cup team has been working on cybersecurity preparedness for years leading up to the event, but with a large list of event and team sponsors, it’s difficult to prepare for threat actors that might impersonate third-party domains or create fake mobile apps or social media pages.

Gartner’s number one prediction for 2023 is that supply chain and geopolitical risk will dominate cybersecurity. With that in mind, Black Kite Research will continue to provide supply chain risk analyses that frame the global challenge and provide insight where it’s needed most.

Good luck to all teams!