High-profile, high-tech F1 teams such as Mercedes are attractive targets for hackers and cyber criminals. Some of the threats they face are familiar, particularly ransomware and phishing, while others particularly relate to the travelling caravan of remote workers involved in a 22-race season and the IP the teams own and rely on the maintain an edge over their competitors.
“In this hybrid world, a lot of the technology comes out of Formula One and then trickles down into the cars that we drive, so there’s a tremendous amount of technology that’s on the cutting edge that obviously needs to be protected and certainly could be a target for nation-state actors”
George Kurtz, CEO of CrowdStrike (Mercedes cyber security partner)
Every week, the Mercedes team’s cyber security partner CrowdStrike details the potential cyber threats that members of the team could face in the country where the race circuit is located, and how to stay safe online. Team laptops, tablets and phones are routinely monitored and scrutinised for breaches as an alternative to locking them down, which could compromise team performance. They also make extensive use of cloud-based applications and services.
An F1 team could have to manage 250,000 emails during a race week. At Imola in November 2020 during the delayed F1 season, McLaren F1’s CEO Zak Brown was targeted, A sophisticated phishing email designed to look like a familiar business communication was intercepted and nothing happened, but it was a close call. McLaren’s Darktrace email security software analyses information about users’ previous activities to ensure legitimate messages are not blocked.
F1 teams, like many other businesses today, don’t rely solely on tech to protect themselves. From the CEO to the team’s clerical and support staff, teams receive regular cyber security training, something all organisations should be considering if they take cyber security seriously.
“It looks just like our email address, and so I don’t blame any of our staff who got caught by those things because it was very, very sophisticated – there’s a lot more social engineering going into the phishing emails now. They learn a huge amount of information”
Graeme Hackland, CIO, Williams Racing F1.
Williams F1 is very alive to the problem of phishing emails, especially those circulating internally, concerning financial information, including relating to their dealings with suppliers. Despite its best efforts, the team was targeted a ransomware attack in 2014 involving an innocuous download of tech specs for a washing machine. Again, the hackers did not breach the security protocols they had put in place, but if it happened a little later on that particular day it might have been a different story.
All of tis goes to show that, no matter how sophisticated your IT infrastructure is, human frailties can be preyed upon and exploited. Often nobody is particularly to blame, the criminals are that sophisticated. Training and individual responsibility can trump clever software as long as people remain aware of their surroundings and the constant threat from clever, sly bad actors.
Source: ZDNet
Informed Sauce is hosting an Infinidat-sponsored event in London on 2 December about protecting businesses from cyber crime.
Short talks from the Metropolitan Police, a military-trained cyber threat expert and sponsor Infinidat’s EMEA Field CTO will be followed by a panel-led, room-wide moderated discussion, with plenty of opportunities for you to contribute your thoughts and ask questions.
Visit the event microsite for more details and to sign up.