The beautiful game is feeling a little less beautiful for some fans this week as Manchester United football club revealed last Friday that they were a victim of a ‘sophisticated’ cyber attack. They were also quick to assure fans that preliminary assessments show that their data was not affected.

The Manchester United cyber attack is yet another reminder that it is a matter of when, not if, a cyber attack will hit every organisation. However what is interesting about this is Manchester United’s cybersecurity defences, and how they kicked in when needed.

Manchester United Cyber Attack Response

Manchester United’s press release told us about their cyber attack response and contained several interesting glimpses into their cybersecurity risk management. The contents of the press release told us:

– Manchester United have extensive policies and procedures in place to deal with a cyber attack, and they rehearsed for a scenario like this.

– Their network security defences identified the attack and disconnected the affected systems to contain the damage and protect data.

– They acted swiftly to contain the attack and at the time of the press release they were working with expert advisers to investigate the incident.

– Manchester United remained fully operational in the aftermath of the attack, and were able to play their scheduled match against West Bromwich Albion at home on Saturday (which they won).

If in fact their network security and cybersecurity risk management plans did protect fans’ data, then the Manchester United cyber attack response will have also saved them from a GDPR fan and a hit to their reputation.

This incident, and Manchester United’s cyber attack response are exactly what cyber professionals refer to when they talk about cybersecurity risk management, and the benefits of being prepared. The information in the press release sounds like a textbook cybersecurity plan.

Learning the lessons from the Manchester United cyber attack response

While Manchester United remains tight lipped about what exactly happened, the press release did give us some clues about how their cybersecurity risk management plans worked.

Strong cyber defences

Manchester United’s release said that their cyber defences detected the attack, and immediately disconnected the affected systems to prevent further damage. It was that initial disconnection that meant that the website and app were unaffected, and most likely how they can be confident enough to say that there is no evidence of a data breach. The quick response also meant that Manchester United did not experience any operational downtime, and were able to play a home match within days of the attack.

Lesson learned: Ensure network security monitoring and alerts systems are up to date and operational. Early detection will stop the cyber attack and limit the damage it can cause.

Effective preparation

Manchester United said that they had a cybersecurity risk management plan in place, including policies and procedures to deal with a cyber attack, and that more importantly, they had rehearsed for the eventuality of an attack. This meant that when the Manchester United cyber attack actually took place, they were able to follow those policies and procedures quickly, and everyone knew their role. At the time of the press release, they were already working with outside investigators, and they had informed the Information Commissioner’s Office about the attack.

Lesson learned: Policies and procedures are a vital part of any cybersecurity risk management plan as they set out what needs to be done in the event of an attack. However, even more vital to a successful cybersecurity risk management plan is rehearsing what happens in the event of an attack, so that no one goes in blind.

Uninterrupted operations

Manchester United were able to mobilise quickly after the cyber attack due to their preparation. Although we do not know exactly when the attack took place, we can assume it was sometime in the week leading up to the press release on 20th November. Manchester United did not miss a match last week, including the home match on Saturday, which confirms that they did not experience any operational downtime as a result of the attack.

Lesson learned: Effective network security and cybersecurity risk management plans will help avoid operational downtime in the event of an attack. Operational downtime causes loss of revenue and reputation, and in a worst case scenario, could even be fatal.

It pays to be prepared

Cyber attacks can target any organisation, wherever they are in the world, and that can’t be avoided. However what can be controlled is how much damage that attack does. The Manchester United cyber attack response has shown just how effective proper network security defences and cybersecurity risk management can be at reducing the impact of an attack when it actually happens.

Stay safe

Cookie	Duration	Description
_GRECAPTCHA	5 months 27 days	This cookie is set by Google. In addition to certain standard Google cookies, reCAPTCHA sets a necessary cookie (_GRECAPTCHA) when executed for the purpose of providing its risk analysis.
cookielawinfo-checkbox-advertisement	1 year	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Advertisement".
cookielawinfo-checkbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checkbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
elementor	never	This cookie is used by the website's WordPress theme. It allows the website owner to implement or change the website's content in real-time.
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Cookie	Duration	Description
_ga	2 years	This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors.
_gat_UA-176747747-1	1 minute	This is a pattern type cookie set by Google Analytics, where the pattern element on the name contains the unique identity number of the account or website it relates to. It appears to be a variation of the _gat cookie which is used to limit the amount of data recorded by Google on high traffic volume websites.
_gid	1 day	This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the website is doing. The data collected including the number visitors, the source where they have come from, and the pages visted in an anonymous form.
CONSENT	16 years 5 months	These cookies are set via embedded youtube-videos. They register anonymous statistical data on for example how many times the video is displayed and what settings are used for playback.No sensitive data is collected unless you log in to your google account, in that case your choices are linked with your account, for example if you click “like” on a video.

Cookie	Duration	Description
IDE	1 year 24 days	Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile.
test_cookie	15 minutes	This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies.
VISITOR_INFO1_LIVE	5 months 27 days	This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website.
YSC	session	This cookies is set by Youtube and is used to track the views of embedded videos.

Manchester United Cyber Attack: A Textbook Response

Manchester United Cyber Attack Response

Learning the lessons from the Manchester United cyber attack response

It pays to be prepared

Recent Posts

How to build a cybersecurity strategy for startups

ISO 27001 vs SOC 2 – Which is better for your organisation?

Encryption of data in use: A new standard in data protection

What is HIPAA Compliance for Startups?

Benefits of ISO 27001: Why you need a cybersecurity framework

Are you the weakest link? How to prevent software supply chain attacks

Services

Location & Contact Details

Stay Connected