3 Cyber Security Lessons From Super Bowl XLIX - InformationWeek
IT Life
01:46 PM
Joe Stanganelli
Joe Stanganelli
Connect Directly

3 Cyber Security Lessons From Super Bowl XLIX

The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness.

5 Cloud Contract Traps To Avoid
5 Cloud Contract Traps To Avoid
(Click image for larger view and slideshow.)

There were emotional ads. There were dancing sharks at Katy Perry's halftime show. And, amidst all the marketing hoopla and entertainment extravaganza, a football game was played.

Super Bowl XLIX was full of surprises. As anyone in IT can attest, cyber criminals are full of surprises too -- and proper preparation is key to fending off their attacks. Below are three lessons one can draw from this year's Super Bowl to better inform one's own cyber security policies and practices.

Pay attention to market forces

Consider the poor fans who spent hundreds of dollars for tickets to the big game -- only to find out that those Super Bowl XLIX tickets they bought never existed. The problem here was ticket brokers' common practice of short selling -- selling tickets before having them in hand, then buying them cheap closer to the event. In the case of Super Bowl XLIX, however, those cheap tickets never materialized because too many other brokers were doing the same thing at an unsustainable volume.

[ What can CIOs learn from winning coaches? Read Super Bowl CIOs: 7 Lessons From Winning NFL Coaches. ]

Such a crisis was but a matter of time; brokers (and their customers) should have been prepared. So too must IT be prepared for both the old and the new attacks that are out there waiting for their data.

(Image: ZIPNON at Pixabay)

(Image: ZIPNON at Pixabay)

So you have antivirus software running. Maybe a firewall. Maybe you even have a cyber security consultancy on retainer. And so far, so good. Security doesn't end there.

In his book Spam Nation, Brian Krebs reports that more than 82,000 new malware variants attack computers every day. An unceasing dedication to preparedness and awareness of market dynamics is key.

Test everything

Woe to the administrator who installs new software without first testing it. The result can be a brand-damaging, revenue-halting crash. Just ask Verizon – a company that learned this lesson the hard way last year when its billing system suffered a major multi-day crash after having installed an untested software update.

Or, in the case of Super Bowl XLIX, just ask insurance company Nationwide, which ran what has been called "the most depressing Super Bowl ad ever" and "the creepiest moment of the night." In Nationwide's controversial Super Bowl commercial, a child explains that he'll never enjoy various life experiences "because I died in an accident." The grim announcement is followed by creepy images, including those of an overflowing bathtub, an open kitchen cabinet full of cleaning chemicals, and a large television smashed on the floor.

The negative reaction to the Nationwide ad causes one to wonder: Did the company try testing the ad with audiences first? Or, for that matter, did Nationwide consider how its dark messaging would fit in with the celebratory context of the Super Bowl? The situation is analogous to the job of an IT administrator – especially in a multi-vendor organization. The job involves making disparate bits of software and hardware play nice together. Frequently, a new piece of software (often from a low bidder) will come along that the administrator needs to assimilate into the system. Other times, a vendor will release an important security patch. These updates, however, may have catastrophic results if not tested properly first – preferably in a virtualized testbed.

Don't take unnecessary risks

No "lessons from Super Bowl XLIX" overview would be complete without a look at the Seattle Seahawks' disastrous decision in the fourth quarter, with seconds to go, with a four-point deficit to overcome, and being mere inches from the goal line, to run a passing play. Whereas a running play would have undeniably been safest (especially considering that the Seahawks were on only their second down, allowing them two more chances, even if they failed to score a touchdown), the passing play allowed an opposing rookie to intercept the ball -- and snatch the Super Bowl trophy for the New England Patriots.

This brings us to the most important cyber security lesson here: Don't screw around. Are there websites and software your staffers have no justifiable business reason to use? Block those things. Can non-employees access your offices? Strictly enforce a clean-desk policy so no handwritten passwords or other security-compromising data is left out in the open. And, naturally, train your employees on good security practices and culture.

You could have the best cyber security software and IT staff around, but the slightest slip-up can bring down your organization. InformationWeek editor Dave Wagner observed recently that the Seahawks are one of "the two best teams in the league in causing more turnovers than giving them up." The other team, Wagner noted, is the Patriots.

Hence, to call the Seahawks' decision to pass the ball an "unnecessary risk" would be an understatement.

Don't take unnecessary cyber security risks. Stay the straight and narrow, follow established policy and best practices, scan every file and connection, test every new update, and value patience and resolve. Boring? Perhaps. Difficult to measure ROI? Possibly. But you'll be a lot better off in the long run.

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ... View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Ninja
2/2/2015 | 9:23:06 PM
Great game
What a great Super Bowl. It's awesome to get insights from the strategies inside the game as well.

I think of football as the ultimate chess match, and when you think of it that way you realize how much of a mind game it really can be for the coaches involved. 
The Staying Power of Legacy Systems
Mary E. Shacklett, Mary E. Shacklett,  4/15/2019
Q&A: Red Hat's Robert Kratky Discusses Essentials of Docs
Joao-Pierre S. Ruth, Senior Writer,  4/15/2019
How Cloud Shifts Security Balance of Power to the Good Guys
Guest Commentary, Guest Commentary,  4/11/2019
White Papers
Register for InformationWeek Newsletters
2018 State of the Cloud
2018 State of the Cloud
Cloud adoption is growing, but how are organizations taking advantage of it? Interop ITX and InformationWeek surveyed technology decision-makers to find out, read this report to discover what they had to say!
Current Issue
A New World of IT Management in 2019
This IT Trend Report highlights how several years of developments in technology and business strategies have led to a subsequent wave of changes in the role of an IT organization, how CIOs and other IT leaders approach management, in addition to the jobs of many IT professionals up and down the org chart.
Flash Poll