How Big Events Create Big Cybersecurity Risks

By Sanjay Bhakta, VP & Head of Solutions

The Super Bowl creates a super risk for cybersecurity breaches – and not just for the event itself. The game causes a surge in online activity such as search and commerce across industries ranging from entertainment to retail. Bad actors are seeking ways to capitalize on this uptick as they did when the Covid-19 pandemic triggered a massive spike in online usage. And the Super Bowl isn’t the only major event that can have impacts on multiple industries. Tentpole events ranging from the Academy Awards to the FIFA World Cup create the same ripple effects and risks. These events underscore a reality: businesses and organizations operate as interconnected networks with suppliers, partners, customers, employees, and other stakeholders. These networks are becoming more fragile as bad actors devise more advanced ways to threaten them. Businesses must be more vigilant by applying approaches such as tabletop exercises and using tools such as generative AI.

Super Risks

Let’s consider for a moment the enormous impact the Super Bowl has on online usage and the associated risks:

  • Streaming: analysts predict that a record number of viewers will watch the 2024 Super Bowl as the likelihood of Taylor Swift attending the game attracts an audience that might not have watched the game in the past. This will be a boon for Paramount+, which is streaming the game. But there is also increased risk for cybersecurity breaches resulting from hacking attempts. For example, phishing emails and fake pop-up ads created with bad bots will offer access to stream the game when in fact those offers are attempted account takeovers. And bad actors will try to hack Paramount+ for reasons ranging from political to simply mischievous.  
  • Sports gambling: gaming experts predict that a record 67.8 million American adults will bet $23.1 billion on Super Bowl LVII. Apps and sites that host legalized sports gambling are at a greater level of risk for attacks using AI-generated malicious bots.
  • Entertainment: the music industry sees an increase in online searches and music streams after the featured artist (for 2024, Usher) performs in the Super Bowl halftime show. Businesses such as Google and music sites are vulnerable when these searches occur and malicious actors try to hijack search and commerce online. 
  • Healthcare: The Super Bowl even results in more people visiting the hospital on a day when hospitals are typically understaffed. Unfortunately, healthcare is particularly vulnerable to cybersecurity breaches. The cost of a cybersecurity breach in healthcare is the highest of any industry.

The City of Las Vegas Is Threatened

The enormous risks were underscored by a recent Wall Street Journal article that focused on the cybersecurity aspects of the game itself. As noted in the article, the city of Las Vegas is a hotbed of malicious cybersecurity activity. With the vast sums of money flowing through the city via entertainment and legalized gambling, bad actors are constantly trying to find vulnerabilities to exploit – as they did in 2023 with some high-profile and damaging attacks on hotels and resorts such as MGM.

These risks become even greater with bad actors using easily accessible generative AI tools such as FraudGPT, designed to perform increasingly sophisticated attacks such as very realistic-looking phishing emails. So, planners need to do a lot of advance preparation.

As Mike Sherwood, the city of Las Vegas’s chief information security officer, told The Wall Street Journal, “It doesn’t just start with the day of the event. It’s months ahead prior, doing lots of different types of scenario testing, and training and role-playing exercises, and it won’t end when the Super Bowl ends.”

How Tabletop Exercises Fight Cybersecurity Threats

Mike Sherwood is referring to tabletop exercises when he mentions the months of preparation required to plan for cybersecurity attacks. The NFL has been working with various Super Bowl stakeholders to do scenario planning for anything that can go wrong when a bad actor poses a threat. 

A tabletop exercise involves key personnel gathering in one setting (like a conference room) to talk through simulated emergency scenarios. A facilitator presents hypothetical situations and asks participants questions about how they would react under those circumstances. These exercises emphasize discussion, problem-solving, and decision-making rather than a live, hands-on simulation.

We advise clients to use tabletop exercises to plan for cybersecurity threats. It’s essential to do this exercise often to keep a step ahead of bad actors, who are constantly looking for new ways to commit cyber attacks.

The Importance of Breach-and-Simulation Exercises

We advise our clients on how to do tabletop exercises and breach-and-simulation exercises. Breach-and-simulation exercises are also known as Purple Teaming. Purple Teaming is an industrywide collaborative approach that organizations use to strengthen their overall security posture. With Purple Teaming, one team simulates both attacks on cybersecurity perimeters and their defense. Each team member plays both the role of attacker and defender, which ensures more robust and intricate breach/attack simulations.

In a Purple Teaming exercise, the simulated attacks provide a realistic assessment of the organization’s vulnerabilities and the effectiveness of its defenses. The Purple Team uses this information to strengthen their defenses, improve response strategies, and train staff.

The primary goal of Purple Teaming is to create a feedback loop where both offensive and defensive strategies inform and enhance each other, leading to a more robust and resilient cybersecurity posture for the organization.

Purple Teaming can be adapted and expanded upon. For instance, at Centific, we have reimagined Purple Teaming to include fraud detection, in addition to cybersecurity. Doing this means we’ve incorporated fraud intelligence into Purple Teaming.

Bottom line: planning is essential.

The Generative AI Factor

To address the risks associated with technologies such as FraudGPT, businesses are implementing cyber-defense mechanisms powered by generative AI. An IBM survey has recently shown that top-level management is increasingly valuing generative AI for cybersecurity. A vast majority (84 percent) of those surveyed are in favor of these sophisticated systems over traditional security software. This change in attitude highlights the acknowledged capacity of generative AI to improve defenses against cyber threats.

In fact, businesses might consider applying the very tools used to threaten them to learn how to beat them. For instance, businesses can adopt generative AI to simulate cyberattacks to test their defenses. This can help businesses to identify weaknesses in their defenses and to develop new strategies for responding to cyberattacks. But it’s important that businesses tread carefully. Using a tool specifically designed to harm a company’s systems makes the company vulnerable to risks such as the tool itself being compromised by insiders within an organization, turning the defense mechanism into a potential vulnerability.

These defenses aim to predict and neutralize the strategies used by bad actors to keep companies protected. Nonetheless, further measures are necessary to safeguard the underlying data and algorithms of these AI systems. If not properly secured, these models could be vulnerable to cyber incursions, which may undermine their reliability and lead to more extensive security violations.

How Generative AI Improves a Tabletop Exercise

Businesses can and should use generative AI to improve how tabletop exercises are conducted, from creating better scenarios to doing post-exercise analysis. For example, with scenario creation, teams can use generative AI to craft complex and detailed scenarios. Gen AI can introduce unexpected twists or complications, adding a heightened sense of realism to the exercise. AI models can create scenarios based on large datasets, thereby reducing potential human biases. This avoids focusing too heavily on a single type of incident or relying on outdated threat models. AI can quickly suggest relevant scenarios, accelerating the exercise planning process.

With post-scenario analysis, generative AI can parse through the exercise transcripts or captured notes and identify critical decision points, bottlenecks in communication, or areas where procedures were deviated from. This helps pinpoint areas for improvement.

Of course, all uses of generative AI require human oversight. In the context of tabletop exercises, a human facilitator is critical to ensure scenario believability and proper focus. Generative AI is a tool, not a replacement for expertise. And the AI model’s output depends on the data it’s trained on. Businesses must ensure the data is reliable and relevant.

Lessons for Businesses

The Super Bowl’s approach to cybersecurity is more than an intriguing news story. It’s a wake-up call for people, organizations, and enterprises to treat cybersecurity threats with a Super Bowl level of urgency. By “living each day as if it were the Super Bowl,” everyone is in a better position to mitigate cyberattacks, data exfiltration, and fraud. Some important lessons include:

  • No organization operates in a vacuum. The threats against the Super Bowl represent the same kinds of risks that anyone organizing any virtual meeting faces, albeit on a bigger scale. And as noted, businesses operate as complex ecosystems that include suppliers, employees, customers, and more. It’s getting harder to practice effective cybersecurity with so many vulnerabilities creating access for malicious parties.
  • Planning and generative AI benefit anyone. You don’t need to operate on the scale of the Super Bowl to protect yourself. Businesses of all sizes have access to processes such as tabletop exercises and generative AI.
  • Find the right partners. As noted in news media coverage, the myriad risks associated with the Super Bowl require a team of partners to work together. Centific is a partner to many organizations in this regard. Centific has access to external threat intelligence. Centific's Generative AI platform assesses external threat intelligence and fraud intelligence, comprehends types of attacks, severity, and sources, and accelerates detection of insider threats and external threats. This mitigates data exfiltration and elevates zero trust, which is an important approach for maximizing cybersecurity defenses. For more insight, please read our blog post, “Should Your Business Adopt a Zero Trust Architecture?” 

To learn how Centific can help you, read about our Digital Safety Services on our website.