On May 14, 2018, the Supreme Court lifted the federal ban on sports gambling. Since then, twenty-two states, as well as Washington D.C. have allowed, or plan to allow, sports gambling to take place in some form (Pennsylvania being one of them). If you live in a state like Pennsylvania, you are able to wager through mobile apps. FanDuel and Draftkings are the two biggest providers of mobile gambling. These sites have also run daily fantasy sports contests long before 2018.
If you were using these sites to place bets or play in any of their daily fantasy contests the weekend of 10/9/2020, you may have noticed that stats and scores for games were not updating. This is because the stat provider, Stats Perform, was hit with ransomware. Ransomware is a type of malicious software designed to block access to a computer system until a sum of money is paid. Stats Perform spent a week rebuilding their servers and had issues leak into a second week as well.
The outage did not just affect those two sites. It caused disruptions in other fantasy sites around the country. Live scoring and stats updates for some sites without backup plans were down for around 10 days. Stats Perform did not respond to multiple requests to comment from website US Bets, nor offered any public statement since the outage. They have made just one post on their twitter account since the incident, promoting an upcoming webinar for its AI in Sport Series.
This outage has highlighted a multitude of cybersecurity issues that can take place for companies, especially technology driven companies. An organization needs to be ready for an attack like this. Proper incident management preparation can help in cases with Ransomware and other cyber-attacks. While proper cyber hygiene measures should be taken to try to prevent such attacks, companies need to be ready to respond in a swift and strong manor when an incident occurs.
As for the companies who were affected by the outage, this spotlights potential issues with disaster recovery and third party risk management. Organizations should always have backup plans and redundancies in place to be prepared when an outage like this occurs. If there is an IT disruption within an organization, they should always be prepared and have disaster recovery procedures in place to limit outages. Companies should also be evaluating all third parties to understand the likelihood and impact of breaches and outages with their vendors.
Schneider Downs offers a number of services to help organizations with business continuity and disaster planning, and third party risk management through our IT Audit and Cybersecurity practices. Learn more about our services with the links below.
- Schneider Downs IT Audit and Compliance Services
- Schneider Downs Cybersecurity Services
- Schneider Downs Third Party Risk Management
- Schneider Downs Business Continuity and Disaster Planning
- Schneider Downs Digital Forensics and Incident Response
About Schneider Downs Cybersecurity
The Schneider Downs cybersecurity practice consists of experts offering a comprehensive set of information technology security services, including penetration testing, intrusion prevention/detection review, ransomware security, vulnerability assessments and a robust digital forensics and incident response team. For more information, visit www.schneiderdowns.com/cybersecurity or contact the team at [email protected].
In addition, our Incident Response Team is available 24x7x365 at 1-800-993-8937 if you suspect or are experiencing a network incident.