NFL's Cyber Gameplan

CybersecurityHQ News

Welcome reader to your CybersecurityHQ report

Cypago - Enterprise-grade Cyber GRC Platform

Cypago enables strategic decision making through a full Cyber GRC product suite to help you avoid business reputation impact, financial or client trust losses

NFL Season Kickoff Highlights Growing Cybersecurity Challenges Amid Technological Evolution

The National Football League (NFL) kicked off its 2024 season this past weekend, and while the game on the field remains largely unchanged—aside from tweaks like new kicking rules—the technological landscape surrounding the league is evolving rapidly. As NFL franchises become increasingly reliant on digital operations, they're also facing heightened cybersecurity threats.

Sports teams, much like any enterprise, manage a complex mix of physical and digital assets. But the NFL’s blend of technology, data, and fan engagement creates a unique cocktail of critical infrastructure that's increasingly at risk. From pervasive stadium Wi-Fi enabling concession sales and in-game engagement to sophisticated loyalty programs and biometric verification, every facet of the game-day experience is now tied to vast amounts of data.

At the center of this data-driven transformation is the need to protect sensitive information—whether it's about fans, players, or venue operations. "When I started here 20 years ago, there wasn't a lot of tech in our stadiums—they were concrete buildings with little more than cash registers," recalls Brandon Covert, VP of IT for the Cleveland Browns. “Now we have pervasive Wi-Fi, biometric payments, and digital touchpoints everywhere. All of this tech brings new risks, and our job is to constantly mitigate those risks.”

Managing a Season’s Worth of Data

As the Browns kicked off their home opener at Huntington Bank Field on September 8th, the team’s IT and cybersecurity divisions had already spent months preparing. From securing player data and broadcast feeds to safeguarding fan information, the goal is clear: prevent any disruptions, both on and off the field.

For Covert, protecting data goes beyond just stopping cyberattacks—it’s about preserving trust. “Our relationship with fans is deeply personal. We don’t want to be involved in a data breach that jeopardizes that trust, especially in an era when fans are entrusting us with more of their personal information than ever before.”

The explosion of legalized sports betting has only added to the stakes, both for teams and fans. Cybercriminals are increasingly eyeing sensitive fan data, and there’s a very real possibility that this data could find its way to malicious forums, according to Jake Aurand, counterintelligence lead at Binary Defense, a firm that works with the Browns.

"Teams hold vast amounts of information—from biometric data to payment card details—so we’re constantly scanning dark web forums for any signs that fan or player data has been compromised," Aurand explains. Beyond digital threats, the physical security of these venues remains a priority, too.

Ransomware and the Threat of Game-Day Chaos

Among the most pressing concerns in sports cybersecurity is ransomware. "Ransomware isn't going anywhere," says Brad Garnett, director of Cisco's Talos Incident Response team. “Any attack that could impact the integrity of the game—whether that’s football, baseball, or basketball—raises alarms.”

The possibility of a cyberattack affecting a live broadcast or even something as simple as posting a false threat on a stadium scoreboard is a very real scenario, adds NFL CISO Tomás Maldonado, who is now in his sixth season protecting the league’s critical infrastructure. "Many people don’t fully appreciate the convergence between cyber and physical security, but a cyber event can have huge ramifications."

Fighting a Game of 1s and 0s

Binary Defense’s Aurand notes that about half of the threats faced by NFL teams have a cyber-physical component, while the other half focus purely on data theft. Scams targeting fans, from selling counterfeit team merchandise to phishing schemes, are common occurrences.

To combat these risks, the NFL works closely with organizations like the Cybersecurity and Infrastructure Security Agency (CISA) to conduct annual incident response exercises. “Teams need to be proactive,” Aurand emphasizes. "You need a defense system that identifies and neutralizes threats in real-time, stopping attackers before they can do real damage."

As the NFL continues to push the boundaries of technological innovation, the league’s focus on cybersecurity will only intensify, ensuring that the game remains not just a battle on the field, but also in the digital realm.

Stay Safe, Stay Secure.

The CybersecurityHQ Team

Reply

or to participate.