How to Prepare for Elevated Cybersecurity Risk at the Super Bowl

February 7, 2024 at 10:08AM

The Super Bowl event attracts threat actors seeking payment card data, user credentials, and ransom opportunities. Cyber adversaries include cybercriminals, hacktivists, deliberate disruptors, and nation-state actors. Businesses must also consider internal threats posed by employees, temporary staff, and vendors. Adversaries engage in diverse tactics including social engineering, disinformation, and data exfiltration, necessitating increased vigilance and employee education. Third-party vendor vulnerabilities and organizational discipline are critical considerations in mitigating cybersecurity risks.

The following key takeaways can be derived:

1. Major sporting events like the Super Bowl present significant cybersecurity risks, attracting threat actors aiming to exploit the large audience and valuable data, such as payment card information and access credentials.

2. Threat actors may engage in “for ransom” activities, including ransomware attacks, sustained distributed denial-of-service (DDoS) attacks, and exfiltration of sensitive data with the threat of disclosure unless a ransom is paid.

3. Adversary personas include cybercriminals focused on financial gain, hacktivists seeking to promote their ideology, deliberate disruptors using DDoS or destructive malware attacks, and nation-state or state-affiliated threat actors pursuing national security and competitive advantage.

4. The human element is a significant vulnerability, with employees, temporary workforce, and vendors being potential weak links due to mistakes, abuse of access privileges, or being pivot points for threat actors through supply chain attacks.

5. Cyber adversaries employ various tactics, techniques, and procedures (TTPs) to target infrastructure, engage in social engineering, disseminate misinformation and disinformation, and exfiltrate sensitive data.

6. Social engineering is a crucial concern, particularly in the context of Las Vegas hosting the Super Bowl, with cybercriminals likely to target tourists and employees of hospitality businesses through various social engineering tactics.

7. Employees should be reminded of cybersecurity best practices, including recognizing social engineering tactics, changing passwords frequently, using unique credentials, and having incident response plans in place.

8. Third-party vendors are potential targets for threat actors, and it is important for event organizers to evaluate third-party exposure, engage with vendor partners, and mitigate potential risks.

9. Strong cybersecurity depends not only on technology solutions but also on organizational behaviors, culture, and discipline. Implementing systems, establishing protocols, and adhering to them are essential for mitigating cybersecurity risks.

These takeaways highlight the need for heightened vigilance, employee education, incident response preparedness, and evaluation of third-party risks in the lead-up to Super Bowl LVIII.
