Approach cybersecurity like it’s the Super Bowl, everyday

TAMPA BAY—This year’s Super Bowl will be very different from years past given the impact of COVID-19. Only a fraction of the seats will be filled at Raymond James Stadium, which changes the dynamics for players and fans.

As a resident of Tampa, and a Buccaneers fan, this is an exciting time for our city. But there’s also concern about the potential for domestic terrorism and law enforcement is on high alert. While there is a lot of attention on physical security surrounding the Super Bowl, there is also a critical need to protect against cybersecurity threats as well.

Just consider all of the vendors involved, news outlets, stadium and transportation logistics and a major spike in financial transactions across the Tampa area and beyond. These factors all contribute to a heightened concern around the possibility of a cyber-attack.

You only have to look back to last year’s game as an example. On Super Bowl Sunday, and the following day, the social media accounts of almost half of the teams in the National Football League, as well as the official NFL account, were hacked, according to a statement from the NFL. Many of the hacked NFL tweets promoted the hacker group OurMine, announcing that the hacking collective is “back” and that “everything is hackable.”

While last year’s attack created a disruption for the NFL and the teams impacted, it didn’t create any long-lasting financial damages – which is rare. But it was a wake-up call for the league officials and all 32 teams. So, with final preparations underway, there’s a major focus on cybersecurity in and around Tampa right now, and for good reason.

From a fan perspective, the Super Bowl, one of the largest events of the year, might look like just another game. But behind the scenes, there are thousands of vendors and millions of dollars making it all run smoothly.

After all, the NFL represents a big business, so there are some valuable cybersecurity lessons to be learned from the Super Bowl. With billions of dollars at stake and lots of potential exposures, Sunday’s scenario is very similar to any given day on Wall Street and companies can’t let their guard down. As you sit down to watch Sunday’s game (and hopefully Tom Brady adding to his collection of championship rings), keep these lessons in mind:

• Understand your weaknesses and minimize potential exposures: Patrick Mahomes has the ability to take over a game in a blink of an eye. You can be sure Tampa is focused on containing him and not giving up the big plays. For businesses, working with third party vendors can give cybercriminals a low barrier to slip through the digital back door – ultimately, compromising systems, leaving data unprotected and creating havoc for an organization. While 71 percent of companies feel confident their security activities are effective, only 32 percent require third parties to comply with their policies. Protect against the big play.
• Don’t underestimate the competition (cybercriminals): I’ve seen enough Super Bowl upsets to know that you can never let your guard down. Tom Brady and team need to prepare for everything the Kansas City Chiefs might throw at them – and you can be sure that the Chiefs will unleash a trick play or two. The same applies to small to medium-sized businesses as they’re often caught off guard when it comes to the financial realities of a breach. A successful ransomware or phishing breach can cost $500,000 or more in order to recover and resume operations, while risking long term reputational damage in the process. Prepare for the worse-case scenario, stay vigilant and put the proper tools, processes and people in place to win the daily cyber battle.
• Plan for the unexpected: Like football, cybersecurity requires work. In business, it’s tempting to believe that purchasing a firewall provides adequate protection. The truth is, cybersecurity and the management of cyber risks is never done – and cyber-attacks are not a matter of “if," but “when.” Like football players, all companies will eventually get hit. The key to survival is being able to mitigate the damage and recover. Ensure you have the right team and partners in place to avoid being the next business to take a major financial blow from a cyber-attack. A proactive strategy, along with the right investments now can prevent having to spend much more to reverse damage after an attack is detected.

Both Super Bowl teams are now in Tampa, finalizing strategies and plans for Sunday’s game. By the time they step on the field they’ll be prepared for any possible scenario – turnovers, injuries and big play makers. No matter who loses the game, it won’t be due to a lack of planning and preparation. You need to take the same approach with securing your business every day. 

Jeremy Rasmussen is Chief Technology Officer and CISO for Abacode, a cybersecurity company based in Tampa, Florida. Abacode has helped hundreds of companies recover from breaches, know exactly what’s involved and understand how to strengthen a company’s cybersecurity processes to prevent breaches in the first place.