Cybersecurity

CISA blitzes Super Bowl with cyber campaign as businesses fumble security

This audio is auto-generated. Please let us know if you have feedback.

Dive Brief:

  • The Cybersecurity and Infrastructure Security Agency’s awareness campaign, Secure Our World, got a big boost from the NFL this week as it prepares to put on the Super Bowl, the biggest annual event in American sports.
  • The public service announcement campaign, which CISA launched in September, encourages people and small- to medium-sized businesses to use strong passwords, enable multifactor authentication, identify and report phishing, and update software regularly. CISA created videos to display online, at the NFL Experience in Las Vegas and in the stadium during the game. 
  • The NFL also pledged to get its 32 teams involved after the big game, to help advance cybersecurity awareness and share tips with fans throughout the 2024-2025 season.

Dive Insight:

By partnering with the NFL, CISA is adding star power to an ongoing campaign to spur people and businesses to raise their cyber defenses and improve behaviors online.

The mass market campaign on one of the world’s biggest stages follows stark warnings from federal cyber authorities about China state-sponsored intrusions and ongoing malicious activity targeting multiple critical infrastructure providers in the U.S.

Federal cyber authorities’ heightened attention on Las Vegas isn’t temporary or limited to the big game. A pair of the city’s showcase hotel and casino companies were hit by major cyberattacks last summer that caused significant financial losses and operational impacts.

The group of threat actors behind the attacks against MGM Resorts and Caesars Entertainment are social engineering experts. Scattered Spider often intrudes networks of large companies using broad phishing campaigns with victim-specific domains designed to look like legitimate portals for single sign-on services, such as Okta, or IT desks.

The FBI in November warned that ransomware threat groups are exploiting vulnerabilities in vendor-controlled remote access systems to intrude casino servers and initiate attacks.

“Making cybersecurity easier to understand and more approachable is key to helping people be more safe online,” Alaina Clark, assistant director for stakeholder engagement at CISA, said via email. “Cyber is a team sport, and we all have a place on the team in protecting our larger cyber ecosystem.”