CyberTalk

Super Bowl cyber security, a high-stakes game

Super Bowl LVIII cyber security

EXECUTIVE SUMMARY:

Slated to take place in Las Vegas on February 11th, excitement around the Super Bowl is building. “…there is incredible energy and anticipation” ahead of the event, says Peter O’Reilly, an National Football League (NFL) Executive Vice President.

While many Americans are contemplating which of the competing teams will demonstrate the better performance, a handful of Americans are focused on something else…

Super Bowl cyber threats

With 65,000 in-person attendees, and roughly 115 million at-home viewers, a successful Super Bowl disruption could lead to extreme negative outcomes – on multiple levels. And for cyber attackers, these types of events represent the ‘great white whales’ of available targets.

What could happen

Imagine that a cyber threat group created a fake QR code and embedded it into one of the Super Bowl’s commercials. The QR code could theoretically direct people to a fraudulent website. The website could rob people of everything available in their checking accounts, once bank card details have been entered.

Does that seem troubling, but tame? Imagine that a cyber threat group took over the half-time show and announced a bomb threat. While highly improbable, across the past few months, authorities have prepared for an assortment of antics.

Staying ahead of the game

Super Bowl-related cyber threat prevention has been underway for some time. In September, the NFL and its commercial partners, collaborated with the Cyber Security and Infrastructure Security Agency (CISA) to conduct a massive cyber security tabletop exercise.

The pre-Bowl exercise involved more than 100 different groups: those from the NFL, from the stadium itself, and various governmental agencies.

The exercise forced the group to consider a hypothetical scenario involving phishing, ransomware, a data breach and a potential insider threat – all of which would result in physical disruptions or potential real-world harm.

As one person observed, you don’t want an attack to occur due to failure of imagination. Experts worry that, should critical systems face compromise, event organizers may feel pressured to acquiesce to ransom demands.

“This was a safe, low-stress setting [in which to] identify any gaps in those plans and ensure we all have a shared understanding of roles and responsibilities…this exercise will help ensure we’re ready for any challenges that come our way on game day,” stated Steve Harris, CISA’s deputy executive assistant director for infrastructure security.

Securing smart stadiums

As stadiums become smart and their digital footprints expand, the potential for breaches grows.

The interconnected nature of game-related digital touch-points creates a web of potential vulnerabilities that malicious actors could exploit. Think ticket payment platforms, sophisticated surveillance systems, vendor payment systems and even banking systems.

But beyond that, “there are some things we can’t protect, and that’s people from consuming media, which is not real, and then disseminating this information as though it is legitimate,” stated cyber security expert Micki Boland, in a Wall Street Journal article.

Disinformation related to the Super Bowl or stemming from Super Bowl-oriented content could potentially rattle consumers and the general public; those who are attending the event at the stadium and otherwise.

Touchdown

In 2023, experts found that at least 70% of sports organizations experienced cyber incidents or breaches in the year prior.

Planning for possible cyber security scenarios during the Super Bowl allows everyone to prepare for a win.

Regardless of whether the Kansas City Chiefs or the San Francisco 49ers claim the bragging rights, cash and rings on Sunday, we predict that the event’s level of cyber security will be something for everyone in this community to be proud of.

Exit mobile version