3 Cyber Security Lessons From Super Bowl XLIX - InformationWeek
Commentary
2/2/2015
01:46 PM
Joe Stanganelli

3 Cyber Security Lessons From Super Bowl XLIX

The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness.


There were emotional ads. There were dancing sharks at Katy Perry's halftime show. And, amidst all the marketing hoopla and entertainment extravaganza, a football game was played.

Super Bowl XLIX was full of surprises. As anyone in IT can attest, cyber criminals are full of surprises too -- and proper preparation is key to fending off their attacks. Below are three lessons one can draw from this year's Super Bowl to better inform one's own cyber security policies and practices.

Pay attention to market forces

Consider the poor fans who spent hundreds of dollars for tickets to the big game -- only to find out that those Super Bowl XLIX tickets they bought never existed. The problem here was ticket brokers' common practice of short selling -- selling tickets before having them in hand, then buying them cheap closer to the event. In the case of Super Bowl XLIX, however, those cheap tickets never materialized because too many other brokers were doing the same thing at an unsustainable volume.


Such a crisis was but a matter of time; brokers (and their customers) should have been prepared. So too must IT be prepared for both the old and the new attacks that are out there waiting for their data.

(Image: ZIPNON at Pixabay)


So you have antivirus software running. Maybe a firewall. Maybe you even have a cyber security consultancy on retainer. And so far, so good. Security doesn't end there.

In his book Spam Nation, Brian Krebs reports that more than 82,000 new malware variants attack computers every day. An unceasing dedication to preparedness and awareness of market dynamics is key.

Test everything

Woe to the administrator who installs new software without first testing it. The result can be a brand-damaging, revenue-halting crash. Just ask Verizon – a company that learned this lesson the hard way last year when its billing system suffered a major multi-day crash after an untested software update was installed.

Or, in the case of Super Bowl XLIX, just ask insurance company Nationwide, which ran what has been called "the most depressing Super Bowl ad ever" and "the creepiest moment of the night." In Nationwide's controversial Super Bowl commercial, a child explains that he'll never enjoy various life experiences "because I died in an accident." The grim announcement is followed by creepy images, including those of an overflowing bathtub, an open kitchen cabinet full of cleaning chemicals, and a large television smashed on the floor.

The negative reaction to the Nationwide ad causes one to wonder: Did the company try testing the ad with audiences first? Or, for that matter, did Nationwide consider how its dark messaging would fit in with the celebratory context of the Super Bowl? The situation is analogous to the job of an IT administrator – especially in a multi-vendor organization. The job involves making disparate bits of software and hardware play nice together. Frequently, a new piece of software (often from a low bidder) will come along that the administrator needs to assimilate into the system. Other times, a vendor will release an important security patch. These updates, however, may have catastrophic results if not tested properly first – preferably in a virtualized testbed.

Don't take unnecessary risks

No "lessons from Super Bowl XLIX" overview would be complete without a look at the Seattle Seahawks' disastrous decision in the fourth quarter, with seconds to go, with a four-point deficit to overcome, and being mere inches from the goal line, to run a passing play. Whereas a running play would have undeniably been safest (especially considering that the Seahawks were on only their second down, allowing them two more chances, even if they failed to score a touchdown), the passing play allowed an opposing rookie to intercept the ball -- and snatch the Super Bowl trophy for the New England Patriots.

This brings us to the most important cyber security lesson here: Don't screw around. Are there websites and software your staffers have no justifiable business reason to use? Block those things. Can non-employees access your offices? Strictly enforce a clean-desk policy so no handwritten passwords or other security-compromising data is left out in the open. And, naturally, train your employees on good security practices and culture.

You could have the best cyber security software and IT staff around, but the slightest slip-up can bring down your organization. InformationWeek editor Dave Wagner observed recently that the Seahawks are one of "the two best teams in the league in causing more turnovers than giving them up." The other team, Wagner noted, is the Patriots.

Hence, to call the Seahawks' decision to pass the ball an "unnecessary risk" would be an understatement.

Don't take unnecessary cyber security risks. Stay the straight and narrow, follow established policy and best practices, scan every file and connection, test every new update, and value patience and resolve. Boring? Perhaps. Difficult to measure ROI? Possibly. But you'll be a lot better off in the long run.


Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ...
Comments
danielcawrey,
User Rank: Ninja
2/2/2015 | 9:23:06 PM
Great game
What a great Super Bowl. It's awesome to get insights from the strategies inside the game as well.

I think of football as the ultimate chess match, and when you think of it that way you realize how much of a mind game it really can be for the coaches involved. 