3 Cyber Security Lessons From Super Bowl XLIX - InformationWeek

2/2/2015
01:46 PM
Joe Stanganelli

3 Cyber Security Lessons From Super Bowl XLIX

The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness.


There were emotional ads. There were dancing sharks at Katy Perry's halftime show. And, amidst all the marketing hoopla and entertainment extravaganza, a football game was played.

Super Bowl XLIX was full of surprises. As anyone in IT can attest, cyber criminals are full of surprises too -- and proper preparation is key to fending off their attacks. Below are three lessons one can draw from this year's Super Bowl to better inform one's own cyber security policies and practices.

Pay attention to market forces

Consider the poor fans who spent hundreds of dollars for tickets to the big game -- only to find out that those Super Bowl XLIX tickets they bought never existed. The problem here was ticket brokers' common practice of short selling -- selling tickets before having them in hand, then buying them cheap closer to the event. In the case of Super Bowl XLIX, however, those cheap tickets never materialized because too many other brokers were doing the same thing at an unsustainable volume.


Such a crisis was but a matter of time; brokers (and their customers) should have been prepared. So too must IT be prepared for both the old and the new attacks that are out there waiting for their data.

(Image: ZIPNON at Pixabay)


So you have antivirus software running. Maybe a firewall. Maybe you even have a cyber security consultancy on retainer. And so far, so good. But security doesn't end there.

In his book Spam Nation, Brian Krebs reports that more than 82,000 new malware variants attack computers every day. An unceasing dedication to preparedness and awareness of market dynamics is key.

Test everything

Woe to the administrator who installs new software without first testing it. The result can be a brand-damaging, revenue-halting crash. Just ask Verizon -- a company that learned this lesson the hard way last year when its billing system suffered a major multi-day crash after an untested software update was installed.

Or, in the case of Super Bowl XLIX, just ask insurance company Nationwide, which ran what has been called "the most depressing Super Bowl ad ever" and "the creepiest moment of the night." In Nationwide's controversial Super Bowl commercial, a child explains that he'll never enjoy various life experiences "because I died in an accident." The grim announcement is followed by creepy images, including those of an overflowing bathtub, an open kitchen cabinet full of cleaning chemicals, and a large television smashed on the floor.

The negative reaction to the Nationwide ad causes one to wonder: Did the company try testing the ad with audiences first? Or, for that matter, did Nationwide consider how its dark messaging would fit in with the celebratory context of the Super Bowl? The situation is analogous to the job of an IT administrator – especially in a multi-vendor organization. The job involves making disparate bits of software and hardware play nice together. Frequently, a new piece of software (often from a low bidder) will come along that the administrator needs to assimilate into the system. Other times, a vendor will release an important security patch. These updates, however, may have catastrophic results if not tested properly first – preferably in a virtualized testbed.

Don't take unnecessary risks

No "lessons from Super Bowl XLIX" overview would be complete without a look at the Seattle Seahawks' disastrous decision in the fourth quarter, with seconds to go, with a four-point deficit to overcome, and being mere inches from the goal line, to run a passing play. Whereas a running play would have undeniably been safest (especially considering that the Seahawks were on only their second down, allowing them two more chances, even if they failed to score a touchdown), the passing play allowed an opposing rookie to intercept the ball -- and snatch the Super Bowl trophy for the New England Patriots.

This brings us to the most important cyber security lesson here: Don't screw around. Are there websites and software your staffers have no justifiable business reason to use? Block those things. Can non-employees access your offices? Strictly enforce a clean-desk policy so no handwritten passwords or other security-compromising data is left out in the open. And, naturally, train your employees on good security practices and culture.

You could have the best cyber security software and IT staff around, but the slightest slip-up can bring down your organization. InformationWeek editor Dave Wagner observed recently that the Seahawks are one of "the two best teams in the league in causing more turnovers than giving them up." The other team, Wagner noted, is the Patriots.

Hence, to call the Seahawks' decision to pass the ball an "unnecessary risk" would be an understatement.

Don't take unnecessary cyber security risks. Stay on the straight and narrow, follow established policy and best practices, scan every file and connection, test every new update, and value patience and resolve. Boring? Perhaps. Difficult to measure ROI? Possibly. But you'll be a lot better off in the long run.


Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ...
Comments
danielcawrey
User Rank: Ninja
2/2/2015 | 9:23:06 PM
Great game
What a great Super Bowl. It's awesome to get insights from the strategies inside the game as well.

I think of football as the ultimate chess match, and when you think of it that way you realize how much of a mind game it really can be for the coaches involved. 