While football fans are enjoying Super Bowl 58 on February 11, most viewers probably don’t realize how much preparation goes into securing such a colossal event. Like sporting events organizers, corporate teams can benefit from implementing some core ideas from big event security into their own security strategy. To see how, walk in the shoes of an event security team for a bit.
The big stage attracts the big hack
First, consider this iconic scenario: a breathtaking game is in full swing and the stadium suddenly goes dark. Chaos ensues. Now imagine that the lights did not go out because of an accidental power failure. Instead, the lights were turned off by unknown hackers wanting to make a name for themselves. Pulling off something as big as that would certainly gain them the notoriety they were seeking — and perhaps reap financial gains from some strategically placed bets.
Every athlete dreams of pinnacle moments: standing atop the Olympic podium with a gold medal or netting the decisive goal in the FIFA World Cup. But such high-profile occasions also draw the attention of malicious actors. While we can recall two Olympics marred by terror attacks in the past 50 years, it's less known that during the 2018 Olympics, the IT team grappled with a cyberattack that targeted and initially disabled crucial servers underpinning the event's IT infrastructure. When the whole world is watching, it is a great time for athletes and malicious actors alike.
The digital transformation of sports
While digital transformation has delivered significant returns for many businesses, it has also paved the way for an uptick in cyberattacks. The realm of sports, despite its physical nature, hasn't been spared from this new reality. Today, technology is deeply woven into the fabric of nearly every major sport, creating fresh points of vulnerability that cybercriminals are quick to exploit. For example, last year, the San Francisco 49ers football team fell victim to a ransomware attack.
But let’s think bigger now because digital technology creates vulnerabilities where you might least expect them. Imagine if a cybercrime group brought down the digital ticketing systems right before a FIFA World Cup match, barring thousands from entering the venue and compelling officials to pay up to restore access. Or what if during a Formula 1 race like the Monaco Grand Prix, hackers disrupted the critical communication between drivers and their pit crews to stop the race? Or consider a scenario where threat actors manipulated the digital scoring system of the Super Bowl. These hypothetical situations highlight the intertwining of sports and technology and the emerging challenges therein.
Gaming the game
In 1982, an NFL game between the Miami Dolphins and the New England Patriots became notoriously known as the “Snowplow Game.” A heavy snowstorm had kept the score tied at 0-0 until just minutes before the end. Then, in a pivotal moment, a snowplow operator cleared a patch on the field, enabling the Patriots to successfully kick a game-winning field goal. Without this intervention, the game might well have ended in a stalemate.
Fast forward to today, with vast sums of money bet on the NFL and other high-profile sports (wagers on the Superbowl are now eclipsing $1 million). Imagine if someone, hoping to swing a large bet in their favor, hired a hacker to activate a stadium's sprinkler system, tilting the odds in one team's favor. Indeed, there are multiple ways that outside stakeholders can influence the outcome of a game today. Those who oversee these big events have to be on alert.
Preparing for the big leagues
While most businesses operate within a defined risk threshold due to resource limitations, those in charge of securing major sports events cannot afford such luxury. They must adopt a near zero risk tolerance because even a minor hiccup can spell catastrophe. The endeavor is like orchestrating a NASA space mission, where multiple layers of backup systems ensure resilient, uninterrupted operations.
Big event coordinators must worry about a full gamut of malicious characters, from a lone wolf hacker looking for their first big cyber strike, to nation-state actors involved in cyberespionage or politically motivated schemes, to hacktivists seeking the spotlight for their cause. The level of security orchestration required is unparalleled.
What corporate security pros can learn from their event peers
What insights can event security provide for corporate security teams? There are several key strategies worth considering.
First of all, set adequate time for planning. Annual event teams start working on the next year’s event the next morning after the current event ends. Thorough preparation ensures smoother implementation.
Second, adopt an “all in this together" mindset. Every part of the organization — along with the links of its supply chain — are connected to each other. Event security teams engage with partners, vendors, local and federal authorities, transportation providers like Uber, Lyft and contracted shuttle services, and any other entities associated with the event, directly or indirectly. By working more closely with the third parties involved in their organization’s activities, corporate security teams can improve overall cyber resilience. Find your allies and engage them.
Third, conduct regular tabletop simulations. These exercises model potential challenges and provide an effective forum for devising effective countermeasures. Such simulations are ideal opportunities for teams to push themselves to create effective approaches and work out any kinks.
Williams Shakespeare said that “All the world’s a stage” and there isn’t any stage bigger than global sporting events such as the Super Bowl. Just as the athletes who participate in these games, event planners invest great preparation to ensure that these events play out safely. As corporate security pros enjoy Super Bowl Sunday and other big events, they can appreciate how those planners ensured security on game day!