The beautiful game is feeling a little less beautiful for some fans this week as Manchester United football club revealed last Friday that they were a victim of a ‘sophisticated’ cyber attack. They were also quick to assure fans that preliminary assessments show that their data was not affected.
The Manchester United cyber attack is yet another reminder that it is a matter of when, not if, a cyber attack will hit every organisation. However, what is interesting here is Manchester United’s cybersecurity defences and how they kicked in when needed.
Manchester United Cyber Attack Response
Manchester United’s press release described their cyber attack response and offered several interesting glimpses into their cybersecurity risk management. It told us:
– Manchester United have extensive policies and procedures in place to deal with a cyber attack, and they rehearsed for a scenario like this.
– Their network security defences identified the attack and disconnected the affected systems to contain the damage and protect data.
– They acted swiftly to contain the attack and at the time of the press release they were working with expert advisers to investigate the incident.
– Manchester United remained fully operational in the aftermath of the attack, and were able to play their scheduled match against West Bromwich Albion at home on Saturday (which they won).
If their network security and cybersecurity risk management plans did in fact protect fans’ data, then the Manchester United cyber attack response will also have saved them from a GDPR fine and a hit to their reputation.
This incident and Manchester United’s cyber attack response are exactly what cyber professionals refer to when they talk about cybersecurity risk management and the benefits of being prepared. The information in the press release sounds like a textbook cybersecurity plan.
Learning the lessons from the Manchester United cyber attack response
While Manchester United remains tight-lipped about what exactly happened, the press release did give us some clues about how their cybersecurity risk management plans worked.
1. Strong cyber defences
Manchester United’s release said that their cyber defences detected the attack, and immediately disconnected the affected systems to prevent further damage. It was that initial disconnection that meant that the website and app were unaffected, and most likely how they can be confident enough to say that there is no evidence of a data breach. The quick response also meant that Manchester United did not experience any operational downtime, and were able to play a home match within days of the attack.
Lesson learned: Ensure network security monitoring and alert systems are up to date and operational. Early detection will stop the cyber attack and limit the damage it can cause.
2. Effective preparation
Manchester United said that they had a cybersecurity risk management plan in place, including policies and procedures to deal with a cyber attack, and that, more importantly, they had rehearsed for the eventuality of an attack. This meant that when the Manchester United cyber attack actually took place, they were able to follow those policies and procedures quickly, and everyone knew their role. At the time of the press release, they were already working with outside investigators, and they had informed the Information Commissioner’s Office about the attack.
Lesson learned: Policies and procedures are a vital part of any cybersecurity risk management plan as they set out what needs to be done in the event of an attack. However, even more vital to a successful cybersecurity risk management plan is rehearsing what happens in the event of an attack, so that no one goes in blind.
3. Uninterrupted operations
Manchester United were able to mobilise quickly after the cyber attack due to their preparation. Although we do not know exactly when the attack took place, we can assume it was sometime in the week leading up to the press release on 20th November. Manchester United did not miss a match last week, including the home match on Saturday, which confirms that they did not experience any operational downtime as a result of the attack.
Lesson learned: Effective network security and cybersecurity risk management plans will help avoid operational downtime in the event of an attack. Operational downtime causes loss of revenue and reputation and, in a worst-case scenario, could even be fatal.
It pays to be prepared
Cyber attacks can target any organisation, wherever it is in the world, and that can’t be avoided. However, what can be controlled is how much damage an attack does. The Manchester United cyber attack response has shown just how effective proper network security defences and cybersecurity risk management can be at reducing the impact of an attack when it actually happens.