Page 18 - Security Today, May/June 2019

people in place to protect themselves against potential threats. Adding to the complex nature of today’s threat landscape, businesses are also evolving to focus on more digital services and offerings, meaning there’s ample opportunity for hackers to infiltrate a company’s IT infrastructure and get ahold of critical business and user information.
As we continue to see large consumer-facing brands in the headlines, how can venues avoid becoming the next major target for cybercriminals?
Venues—The Next Big Cyber Target?
Large venues, conference centers and arenas offer ample opportunity for hackers to get ahold of data. The Mercedes-Benz Stadium, the host of the 2018 Super Bowl, can accommodate up to 71,000 fans. The Indianapolis Motor Speedway, the largest sports venue in the United States, can accommodate up to 257,000 people. With capacities this large, venues automatically provide plenty of opportunities for hackers to take advantage of the data fans bring into stadiums and the technology that keeps an event running smoothly.
Going beyond the digital devices fans bring to an event, venues have a vast environment of IT networking equipment behind the scenes that is vulnerable to an attack. Venues have infrastructure in place to ensure smooth and safe operations.
For instance, industrial control systems, streaming technologies and communications mechanisms for public safety and crowd control are just a few examples of the types of capabilities that require complex IT infrastructure, and these systems are all managed by teams of IT personnel who often go unnoticed by fans during events. On top of ensuring live events run smoothly for fans, both inside and outside of a venue, IT teams must ensure their infrastructure is working efficiently and effectively to reduce the risks to public safety.
This is a big task for IT teams that are often limited in size and resources, meaning it’s critical that they have the right cyber infrastructure and resources in place to ensure smooth and safe operations for guests. In January, the 2019 College Football Playoff National Championship saw more than 240,000 events generated in the two-day period surrounding the game. This is a huge volume of events to manage, and to put it into perspective, it would likely take 125 trained analysts to investigate this number of events within this timeframe—yet most venues don’t have the luxury of having teams of this size. To overcome this challenge, it’s important for venues to consider augmenting human capability with the right tools to meet today’s cyber infrastructure needs.
As cyberattacks continue to become more prevalent, impactful and damaging, venues—like other businesses—cannot afford to stand on the sidelines of cyber modernization. They must take steps now to prevent potential threats from making an impact in the future.
The following are three considerations for prepping a venue for the future of cybercrime.
Combine the Best of Human Judgement with the Scale and Flexibility of Technology
More likely than not, the threat landscape will continue to grow in complexity and expand its impact, yet venues, like other organizations, struggle to find the talent needed to thwart threats. In fact, according to (ISC)², organizations globally are facing a shortage of almost 3 million cybersecurity professionals.
As IT teams continue to be stretched for resources and talent, venues must look to combine the abilities of human insight and decision-making with the depth of analysis that technology provides. IT teams today don’t have the luxury of excess time to hire, train and retain the analysts they need, plus the old ways of building SOCs are outdated, expensive and time-consuming.
Teams today need modern systems that can handle the large number of data sources and help to automate the decision-making process to free up analyst time and help security teams operate at a more effective level. This means investing in tools that go beyond providing alerts to providing the context needed to help analysts spend time on the situations that truly matter. For example, platforms that use mathematical models such as Bayesian inference, an approach that focuses on making decisions under uncertainty, can better inform decision-making and prevent mistakes. This approach embeds expertise and provides analysts with a deeper, more accurate understanding of the relationships between the variables to better diagnose threats and better position themselves within their organization.
Understand the Environment and Focus on the Data that Matters
With the right combination of people and technology in place, security teams are positioned to be more efficient and accurate, but they must first determine what’s most important to the organization. As the number of security sensors and data types continues to expand, security teams can easily get overwhelmed by the data that needs to be monitored and analyzed.
As a first step, teams must identify and prioritize the venue’s critical data sources to determine what’s most important and impactful for ensuring security events are mitigated before they cause damage. For example, endpoint protection, network intrusion detection and web proxy/filtering are three critical data sources to consider for frontline monitoring.
It is also important to go beyond the data and understand the environment that needs monitoring. Critical and high-value assets, such as IT infrastructure, communications systems and public safety systems, should be prioritized and analyzed in context to ensure security teams can make accurate escalation decisions if and when an event occurs.
Critical and high-value accounts, such as IT administration accounts, executives and others with high-level privileges, as well as external intelligence like geo-location data, should also be taken into consideration when analyzing a venue’s security environment.
Once the data that matters most is identified, teams can more accurately establish network security procedures, and begin to develop an incident response plan that is designed to best secure a venue and its visitors.
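One way to make the Bayesian approach and the prioritization above concrete, as an added example that is not from the article or from any vendor's product: a naive Bayes update that combines the three frontline data sources with an asset-criticality prior to decide what to escalate. Every probability, asset name and the threshold is a constructed assumption.

```python
import math

# All numbers below are constructed assumptions for illustration, not measured rates.
# Prior probability that activity on an asset is a real incident, by asset class.
PRIOR = {"public_safety": 0.02, "it_infrastructure": 0.01, "guest_wifi": 0.001}

# Per data source: (P(alert | incident), P(alert | benign)).
SENSORS = {
    "endpoint": (0.70, 0.02),
    "nids": (0.60, 0.05),
    "web_proxy": (0.50, 0.10),
}
ESCALATE_AT = 0.50  # assumed posterior threshold for escalation to an analyst

# Constructed sample observations: (asset, asset class, sensors that alerted).
EVENTS = [
    ("pa-controller-01", "public_safety", {"endpoint", "nids"}),
    ("kiosk-114", "guest_wifi", {"endpoint", "nids"}),
    ("core-switch-02", "it_infrastructure", {"endpoint"}),
    ("kiosk-207", "guest_wifi", {"web_proxy"}),
]


def posterior(asset_class, fired):
    """P(incident | observations), treating sources as conditionally independent."""
    p = PRIOR[asset_class]
    log_odds = math.log(p / (1 - p))
    for name, (p_inc, p_ben) in SENSORS.items():
        if name in fired:
            log_odds += math.log(p_inc / p_ben)
        else:  # a silent sensor is evidence too
            log_odds += math.log((1 - p_inc) / (1 - p_ben))
    return 1 / (1 + math.exp(-log_odds))


def triage(events):
    """Return (asset, posterior, escalate) rows, highest posterior first."""
    rows = [(asset, posterior(cls, fired)) for asset, cls, fired in events]
    rows.sort(key=lambda r: r[1], reverse=True)
    return [(asset, p, p >= ESCALATE_AT) for asset, p in rows]


if __name__ == "__main__":
    for asset, p, escalate in triage(EVENTS):
        print(f"{asset:18} P(incident)={p:.3f} escalate={escalate}")
```

The same pair of alerts crosses the threshold on the public safety asset but not on the guest kiosk, which is the effect of analyzing alerts in the context of asset value.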
Boost Collaboration Between All Security Stakeholders
Technology integrations can only be successful when venues ensure they are bolstering collaboration between all stakeholders, including IT and security teams, operations and law enforcement officials. Like other large businesses, the scale of operations at venues can be complex and fast moving, meaning teams must be tightly organized and able to react to quickly changing environments on short notice.
With the right technology on standby to gather, analyze and alert analysts, venues must involve all security stakeholders early on to ensure alerts can be acted on when necessary, especially when public safety is at stake. Security analysts must work quickly and be in sync with security and law enforcement teams to prevent potential harm to venue guests.
It is only a matter of time before a major cyberattack affects a large event somewhere in the United States, so venues must be prepared to act quickly and effectively before large-scale disruption, revenue loss or harm occurs. Only when the best capabilities of both human team members and technology are combined will venues be better able to respond to threats and prevent them from making an impact in the first place.
Chris Calvert is a co-founder and vice president of product strategy at Respond Software.