For years, the NFL and CISA have met 12-18 months before the Super Bowl. With the 2025 Super Bowl set to take place in New Orleans, the NFL has ensured that businesses offering services during the Super Bowl understand CISA’s services, such as tabletop exercises, training, awareness campaigns, vulnerability scanning, and penetration testing.
The NFL and CISA also collaborate to identify and mitigate advanced persistent threats and sophisticated, prolonged cyberattacks that aim to steal sensitive information or sabotage operations. Cloud computing introduces unique cybersecurity challenges, making it crucial to secure cloud infrastructure against misconfigurations and inadequate access controls.
For example, a donut shop near the Super Bowl might take advantage of tools such as a public scan of the shop’s public-facing websites, to ensure there are no vulnerabilities open to exploitation. CISA can also offer baseline security goals that will give organizations ideas on improving their security.
CISA has cybersecurity advisors in every state who can engage with businesses that face potential threats. While the type of threat an energy company may face is likely more severe than that of a donut shop, even a donut shop is likely to handle large amounts of personal information and can benefit from vulnerability scans. CISA is also heavily focused on helping businesses prevent and triage ransomware attacks. Said Greene, “If we believe a business is under attack right now or being targeted, we’ll reach out directly and recommend counter-cyberattack measures they should be focusing on.”
Password managers help safeguard against ransomware by enabling users to generate strong and unique passwords for each site they visit. This reduces the risk of password reuse and stops people from defaulting to weaker passwords simply because they’re easy to remember, reducing the likelihood of credential theft.
Cybersecurity challenges when managing sensitive data
Businesses that operate as an “organization of organizations” face many unique cybersecurity challenges. The NFL oversees 32 clubs, each operating its own additional lines of business.
“The security practices, protocols, and programs we’ve designed are aligned with NIST cybersecurity recommendations. Of course, we also ensure we’re taking advantage of the services offered by CISA. The individual clubs understand how the league can help them and also how they can locally benefit from government cybersecurity services.” ~ Tomás Maldonado
Individual clubs often work closely with local businesses and services, and they pass on the security best practices they observe to their supply chain providers.
