The numbers surrounding the National Football League’s Super Bowl LVII Sunday in Arizona are staggering.

More than $150 million in bets will be placed, the host city will see upwards of $400 million in direct and indirect revenue surrounding the event day, 100 million pounds of chicken wings will be consumed and, of course, the volume of web traffic and information shared both prior to and on game day will be measured in petabytes. From speculation to prediction algorithms that claim to know the game’s results, the Super Bowl is huge by nearly every measure — which also creates enormous threat opportunities.

What exactly are threat opportunities? Simply put, they’re events or occurrences that provide threat actors a means to take advantage of a business or individual to derive their own benefit or outcome through compromised software or hardware, resulting in some measurable loss. Often, this is in the form of direct monetary payments, such as ransomware, but indirect damage and activities can also occur, resulting in leverage or other compromise.

With distractions at every turn, user awareness suffers, and threat incidents rise during major sporting events, including the Super Bowl, the World Cup or the Masters Tournament. Threat actors play on popular, relevant topics such as athlete profiles, injuries or starting lineups to create seed of interest attacks. These attacks then link to sites delivering anything from insider information to unique downloads that promise an advantage in game-related activities such as betting.

As we lead up to the big day, there are three groups that need to be hyper-aware of their security postures to create the most secure experience for everyone involved.

First, the organizations responsible for putting on these events must take extra care to ensure all the security prep work has been done. This means that all employees need to have taken the most recent user awareness training, vulnerable software is patched wherever possible, and network signatures are up to date wherever patches cannot be applied.

Next, those fortunate enough to attend the event in person must take every precaution when taking advantage of on-site perks. Threat actors may deploy advanced “man-in-the-middle” attacks that use a fabricated resource or website, such as stadium management or parking guidance, as a shim between the user and the real resource. This fools the user into submitting sensitive credentials or credit card details via this portal thinking that they are getting the service without interference. Some helpful tips to avoid such attacks include:

• Ensure multifactor authentication is turned on for all accounts.
• Set up thresholds or alerts that notify you when certain triggers are hit ($500-plus purchases, for example).
• Consider contactless payment as a good approach to ensure you never part with your card.

Additionally, fans should keep a close eye on their transactions, both before and after the event, as a consumer, but also at work. This additional diligence with bills and for all transactions will help you avoid falling prey to both scams as well as simple charging errors that might occur.

Finally, though it’s critical for attending fans and stadium staff to be vigilant with their security practices, the onus is really on the networking companies and security professionals to create a secure event throughout the entire stadium.

Specifically, for the security practitioners, it’s critical to have monitoring on maximum alert and ensure their security operations center and incident response teams have up-to-date workflows and response plans in addition to sufficient staff to support any investigation or forensic work. It’s unrealistic for most organizations to think they can block any threat, but early detection and remediation can spell the difference between incident response and a breach or ransomware event.

So, whether you end up watching in person or from home, or even ignoring it altogether, the volume of cyberattacks will spike. Whether they are effective will come down to diligence, awareness, good security tech and great operations work.

Mike Spanbauer is senior director and technology evangelist for security at Juniper Networks Inc. He wrote this article for SiliconANGLE.

Photo: WikiImages/Pixabay