With Sunday’s upcoming match between the Kansas City Chiefs and the San Francisco 49ers, the potential threats to security at the year’s Super Bowl are becoming a growing cause for concern. The NFL’s increasing digital presence has opened the door to a host of new vulnerabilities that attackers may attempt to exploit during this high-profile event.
The Chief Information Security Officer (CISO) of the NFL, Tomás Maldonado, voiced his unease over the rise in AI-enabled phishing attacks and deepfake scams, which have added to the long list of existing security challenges. The league has been preparing for some time to identify and assess threats to the Super Bowl and has recently conducted a comprehensive exercise with other stakeholders, including the US Department of Homeland Security and the Cybersecurity and Infrastructure Agency (CISA) to simulate potential attack scenarios that could impact the event.
An area of concern, according to field CISO Karl Mattson at Noname Security, is the risk of API-related attacks due to the NFL’s extensive digital transformation over recent years, specifically threatening the fan digital experience, advertising, and event infrastructure. The core concern is the potential compromise of fan personal information if an API-related attack were to occur.
The rise in online gambling and sports betting has also led to new types of scams that attackers may attempt to exploit during the Super Bowl, particularly with regard to synthetic identity fraud, which makes it difficult for gaming operators to detect malicious actors.
Another emerging challenge stems from the proliferation of fake tickets and counterfeit merchandise in online marketplaces. Stuart Wells, CTO at Jumio, warns fans to be cautious and verify the authenticity of sellers before providing personal information or making payments.
Unauthorized streaming sites also pose a significant risk, especially for organizations that allow employees to use unmanaged devices for work-related purposes. Ken Carnesi, CEO of DNSFilter, highlights the potential for malware infections, phishing attacks, and data exfiltration, which could compromise an organization’s data integrity.
Considering the multitude of new and evolving security threats, the NFL and its security team have their work cut out for them as they gear up for one of the year’s most significant events. With the continued digitization of sporting events, enhanced security measures will become increasingly vital to protect the integrity of the Super Bowl and the safety of fans, employees, and players alike.