With Intelligence, Fans, Businesses and NFL Can Remain Protected Against Cyber Threats

In the sports arena, the cyber and physical worlds are converged. The NFL and Super Bowl offer excellent examples of how laced together the two are. Last year, viewers streamed the Super Bowl across 7.5 million mobile devices. The NFL app has been downloaded more than 50 million times on the Google Play Store. The San Francisco 49ers and Kansas City Chiefs Twitter accounts have more than 3.5 million followers combined. 

The collision of digital and physical worlds in athletics has created more opportunities for fans, businesses, and leagues. Fans can remain connected to their favorite players and teams, 24-7. Businesses can open more doors to customers through online sports-related promotions. Teams and leagues can reach wider audiences. Unfortunately, the intersection of sports and cyber has also widened the playing field for threat actors. 

Last year, it was estimated that cyber thieves stole more than $24 million from victims through counterfeit Super Bowl merchandise and tickets alone. There have been numerous, credible scenarios reported about how adversaries could target the Super Bowl. It is well documented how nation-state operators have compromised and disrupted IT systems powering other global sporting events.

Fortunately, there are mitigation steps that anyone with a personal or business stake in the global sports market can take to reduce risk. 


Many fans buy sports-related merchandise and tickets online. Most transactions are legitimate, but the threat of cybercrime is still quite high. 

Anyone who makes an online purchase should first confirm that they are shopping on a secure site that is offering officially licensed items. Before buying tickets through an online source to a major event, consumers should check out the seller via organizations such as the Better Business Bureau, which can help to differentiate genuine vs. fake sites.  

Don’t fall for “too good to be true” scams. Licensed sports gear and big-game tickets aren’t cheap. If you stumble across an advertisement or receive an email or phone call offering something that sounds too good to be true, it is. 


Right now, in offices across the country, employees are wearing Super Bowl-bound team colors, drawing numbers for office pools, chatting about the game, and opening related emails. While organizations may have no way of avoiding productivity losses during periods of sports-induced distractions, there are a few things they can do to avoid cyber trouble.

They need to recognize how cybercriminals work. Scammers use the Super Bowl and other sporting events to bait malicious email campaigns. Employees need to be educated about the perils of opening non-work emails with “Super Bowl” in the subject line. Businesses could even consider blocking any external, inbound emails with such subject lines during a period leading up to and during a big game. Organizations that sponsor Super Bowl events or contests need to make sure that employees are knowledgeable about how it is being promoted, as they will likely also be targets for copy-cat campaigns designed to trick them into becoming victims of cyber intrusions.

Global Sports Organizations & Affiliates

A preponderance of evidence suggests that Sandworm, an advanced persistent threat (APT) associated with Russia, executed a cyberattack that disrupted the 2018 Winter Olympics in Korea. Some experts say that attack was retaliation for sanctions against Russian Olympic athletes.

Not all mega-events are potential targets for political attacks. However, Sandworm showed the world that a properly motivated and funded group could penetrate the defenses of even a well-prepared IT organization. 

Many lessons came out of that Olympic attack. Among these is that the level of aggression that an adversary could use against any given operation should never be underestimated. With that in mind, global sports organizations should consider taking steps to reduce risk:

Prepare for all possibilities. Defenders need to expand their thinking to imagine more contingencies. They need to have back-up plans to deal with any situations that may arise. They need to consider how adversaries could take advantage of cyber and kinetic attacks to disrupt the business of the event and to place lives at risk. As part of the preparation process, cyber and physical security teams should work together by conducting table-top and live-action exercises designed to successfully execute emergency plans. 

Have backups. Ransomware has become such a hot topic that the term “backup” is now frequently thought of as a secondary system that can be used to quickly recover data and restore systems, which it is. It is true that organizations such as the NFL, FIFA and the Olympics need to be prepared for the trouble that ransomware can create. There is also another kind of backup need. At and during events, ground and online crews must have access to backup communications lines, power sources, internet connections, and physical security resources. 

Gain situational awareness. Having an effective intelligence capability tied to a strong physical security team can empower organizations like the NFL to know their adversaries in advance and to be prepared for what they may attempt. Organizations utilizing intelligence can prepare for phishing attacks that may be designed to steal employee credentials and spread malware and ransomware. They can gain visibility into chatter on cybercriminal forums (i.e., Deep and Dark Web), which can provide the advanced warning needed to prepare for and defend against cyber and physical assaults. 

Share intelligence. For several decades now, private and public sector organizations have been making attempts to share threat information. Progress has been made but for many, there is still work to be done. Organizations responsible for the cyber and physical safety of millions of people aren’t islands. They are connected through thousands of partners and affiliates. Any organization in the chain could be used by adversaries as a conduit, which makes them all potential targets. Organizations that share intelligence through trusted circles, ISACs, and through coordination with defense and law enforcement agencies are going to have a better chance of knowing when and where threats are planning to strike. 

For most people, major global events like the Super Bowl are a reason to cut loose and have a good time. For those who are in charge of making sure such spectacles run without disruption, they are a time of increased vigilance. Odds are that the Super Bowl, like most major sports and entertainment events, will run smoothly. And when that happens, it will be in part because of the investment in and commitment to the access, tools, and personnel needed to ensure that effective physical and cyber security is in place.

RelatedWill Security Match Up to The World Cup’s Cyber Threats?

view counter

AJ Nash is Director of Cyber Intelligence Strategy at Anomali. He has more than two decades of experience in intelligence collection, analysis, reporting, briefing, process improvement, and leadership. Prior to Anomali, he was a Senior Manager of Cyber Threat Intelligence at Capital One, Global Head of Cyber Intelligence at Symantec, and a guest lecturer at several universities. His background includes time spent in the United States Air Force, the National Security Agency, and the United States Cyber Command.

Previous Columns by AJ Nash:

Don't forget to share

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *