The FAI (Football Association of Ireland) confirmed on Wednesday that servers in its Dublin headquarters were breached in an external hack over the weekend.
In a statement released on Wednesday, the FAI said that the breach affected its email services, but not customers’ payment details or ticket sales as this information is stored offsite.
The FAI has hired a forensic computer scientist to investigate the extent of the attack and the source, and has notified the Data Protection Commission and the Gardaí of the breach.
Penetration testing is key
The FAI could have mitigated this data breach or avoided it altogether by conducting regular penetration testing on its systems.
Penetration testing is designed to identify weaknesses in an organisation’s systems and exploit them. This demonstrates to an organisation exactly how a cyber criminal could infiltrate its systems, networks and applications, allowing the organisation to pinpoint how effective its security controls are and the areas that need improvement.
Network penetration testing
A network penetration test assesses the resilience of your infrastructure security controls and the ways an attacker might gain unauthorised access. These tests probe for holes in your network perimeter, looking at, for example, web servers, firewalls and Wi-Fi.