3 Cyber Security Lessons From Super Bowl XLIX - InformationWeek


IT Life
01:46 PM
Joe Stanganelli

3 Cyber Security Lessons From Super Bowl XLIX

The Super Bowl just broadcast can give us a few lessons about risk, awareness, and preparedness.


There were emotional ads. There were dancing sharks at Katy Perry's halftime show. And, amidst all the marketing hoopla and entertainment extravaganza, a football game was played.

Super Bowl XLIX was full of surprises. As anyone in IT can attest, cyber criminals are full of surprises too -- and proper preparation is key to fending off their attacks. Below are three lessons one can draw from this year's Super Bowl to better inform one's own cyber security policies and practices.

Pay attention to market forces

Consider the poor fans who spent hundreds of dollars for tickets to the big game -- only to find out that those Super Bowl XLIX tickets they bought never existed. The problem here was ticket brokers' common practice of short selling -- selling tickets before having them in hand, then buying them cheap closer to the event. In the case of Super Bowl XLIX, however, those cheap tickets never materialized because too many other brokers were doing the same thing at an unsustainable volume.


Such a crisis was but a matter of time; brokers (and their customers) should have been prepared. So too must IT be prepared for both the old and the new attacks that are out there waiting for their data.

(Image: ZIPNON at Pixabay)


So you have antivirus software running. Maybe a firewall. Maybe you even have a cyber security consultancy on retainer. So far, so good. But security doesn't end there.

In his book Spam Nation, Brian Krebs reports that more than 82,000 new malware variants attack computers every day. An unceasing dedication to preparedness and awareness of market dynamics is key.

Test everything

Woe to the administrator who installs new software without first testing it. The result can be a brand-damaging, revenue-halting crash. Just ask Verizon -- a company that learned this lesson the hard way last year when its billing system suffered a major multi-day crash after an untested software update was installed.

Or, in the case of Super Bowl XLIX, just ask insurance company Nationwide, which ran what has been called "the most depressing Super Bowl ad ever" and "the creepiest moment of the night." In Nationwide's controversial Super Bowl commercial, a child explains that he'll never enjoy various life experiences "because I died in an accident." The grim announcement is followed by creepy images, including those of an overflowing bathtub, an open kitchen cabinet full of cleaning chemicals, and a large television smashed on the floor.

The negative reaction to the Nationwide ad causes one to wonder: Did the company try testing the ad with audiences first? Or, for that matter, did Nationwide consider how its dark messaging would fit in with the celebratory context of the Super Bowl? The situation is analogous to the job of an IT administrator – especially in a multi-vendor organization. The job involves making disparate bits of software and hardware play nice together. Frequently, a new piece of software (often from a low bidder) will come along that the administrator needs to assimilate into the system. Other times, a vendor will release an important security patch. These updates, however, may have catastrophic results if not tested properly first – preferably in a virtualized testbed.

Don't take unnecessary risks

No "lessons from Super Bowl XLIX" overview would be complete without a look at the Seattle Seahawks' disastrous decision in the fourth quarter, with seconds to go, with a four-point deficit to overcome, and being mere inches from the goal line, to run a passing play. Whereas a running play would have undeniably been safest (especially considering that the Seahawks were on only their second down, allowing them two more chances, even if they failed to score a touchdown), the passing play allowed an opposing rookie to intercept the ball -- and snatch the Super Bowl trophy for the New England Patriots.

This brings us to the most important cyber security lesson here: Don't screw around. Are there websites and software your staffers have no justifiable business reason to use? Block those things. Can non-employees access your offices? Strictly enforce a clean-desk policy so no handwritten passwords or other security-compromising data is left out in the open. And, naturally, train your employees on good security practices and culture.

You could have the best cyber security software and IT staff around, but the slightest slip-up can bring down your organization. InformationWeek editor Dave Wagner observed recently that the Seahawks are one of "the two best teams in the league in causing more turnovers than giving them up." The other team, Wagner noted, is the Patriots.

Hence, to call the Seahawks' decision to pass the ball an "unnecessary risk" would be an understatement.

Don't take unnecessary cyber security risks. Stay on the straight and narrow, follow established policy and best practices, scan every file and connection, test every new update, and value patience and resolve. Boring? Perhaps. Difficult to measure ROI? Possibly. But you'll be a lot better off in the long run.


Joe Stanganelli is founder and principal of Beacon Hill Law, a Boston-based general practice law firm. His expertise on legal topics has been sought for several major publications, including US News and World Report and Personal Real Estate Investor Magazine. Joe is also ...