Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

News & Commentary

4/23/2020
02:00 PM
Shane Buckley
Shane Buckley
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Resiliency: The Trait National Sporting Leagues Share with Security & IT Teams

During unprecedented times such as these, both businesses and professional sports are forced to go back to basics.

The implications of COVID-19 go well beyond the issue of securing the now-majority of remote workers across the world. At the beginning of the month, 75% of Americans were under strict stay-at-home orders, requiring an urgent shift from the workplace to home. In some cases, this took place overnight. At the same time, McKinsey & Company estimates that up to 54 million net jobs are vulnerable to reductions in hours or pay, temporary furloughs, or permanent layoffs, reinforcing the inability to go back to work anytime soon.

With this sobering reality comes an urgent shift in business and security strategy for all industries, and the realization that we need to be able to do more with less. Less budget, fewer resources, and less in-person interaction and collaboration.

No industry is immune to this need to move virtual ways of working, from people in healthcare to entertainment and education. This brings me to the latest announcement in the ever-surprising reality of virtual events: The much-anticipated NFL draft is going virtual for the first time this evening.

In both the worlds of business and professional sports, resiliency is the key to adapting to challenging and trying times. We need to be able to adjust, adapt, stay secure, and get the most out of the situation with the tools ーor playersー at hand. The need for resiliency is one thing we can all agree on as we search for a path to normalcy.

Get Ready for the Unexpected — Virtually
IT and security professionals, along with the rest of us, have suddenly been thrust into a virtual economy where the demands on digital infrastructure ー and securing that infrastructure ー have changed instantly. Before the pandemic, we would have never imagined a time where teachers finished the spring semester via Zoom, Major League Baseball's spring training was cut short, opening day delayed, and stock market projections would be worse than that of the 2008 financial crisis.

In light of this new world we are living in, the NFL season is facing its first virtual move amid the pandemic in order to keep fans engaged, allow dreams to come true for college stars who have dedicated their lives to the sport, and hopefully provide sports fans around the country with a light at the end of the tunnel for the fall kickoff.

Nearly every person will watch the virtual draft remotely tonight because the league's commissioner, Roger Goodell, is broadcasting it from his home basement. With this virtual move comes its own set of security risks and demands on IT infrastructure, as threat actors look to take advantage of online activity. The thought of an opposing team having access to sensitive information, such as a team's playbook or draft strategy, could be the end to the team's season before it even starts.

We're All Transforming, Overnight
While some may think the virtual draft will negatively affect scouts and teams, others disagree. If the NFL wants to have a season and fans that will tune into it, it has to create the excitement early with something as monumental as the draft. The same can be said for security leaders during this time who had to adjust quickly, get their teams on board, and instill trust with their customer base. Of course, it's expected that there will be some levels of discomfort among these rapid changes, but adapting and remaining resilient is key.

Security should always be at the forefront of business strategy and planning, but especially now amid the remote workforce and subsequent growing attack surface that requires a secure and borderless network. It's important that IT and security teams can protect the remote workforce from opportunistic hackers looking to take advantage of virtual events like Draft Day or other online activities. It's critical for networks to be secure, maintain their performance, and keep up the good user experience amid these changes. These requirements are part of maintaining business continuity, which is incredibly important during this time.

Together, Let's Learn and Adapt to this New World
During unprecedented times such as these, businesses and professional sports alike are forced to go back to basics. We don't have the benefit of in-person interaction, advice, and consultation like we once did. Security teams are forced to do more with less — from a resource, team, and budget perspective — as are NFL coaches during a virtual draft.

The solution lies in having the right kind of data to help you understand performance — again, a parallel between network performance and the draft. Coaches will have to lean on previously stored data and statistics rather than speaking directly to a scout, player, or analyst in the moment. Some say it's like the draft is going back in time to that of the 1970s, but I like to think we're adapting and learning new ways of working and living.

Security and infosec pros tasked with complex infrastructure development, implementation, maintenance, and security need a clear view into what's happening within the network, and they need it quickly. While our current situation will be fluid for some time, what is here to stay is the need for performance and security in a rapidly shifting network and the optimization of costs with an uncertain budget. Being resilient during these times is key, and we'll need to remember how we got through these times, even as we get back to "normal." Personally, I'm looking forward to tuning into the NFL season this fall, and continuing to cheer on my team, even if it's from home.

Related Content:

A listing of free products and services compiled for Dark Reading by Omdia analysts to help meet the challenges of COVID-19. 

Shane Buckley is President and Chief Operating Officer of Gigamon with responsibility for expanding the company's business and markets worldwide. He brings more than 20 years of executive management experience to the team and joins Gigamon from Xirrus where he was CEO prior ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
COVID-19: Latest Security News & Commentary
Dark Reading Staff 6/4/2020
Abandoned Apps May Pose Security Risk to Mobile Devices
Robert Lemos, Contributing Writer,  5/29/2020
How AI and Automation Can Help Bridge the Cybersecurity Talent Gap
Peter Barker, Chief Product Officer at ForgeRock,  6/1/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: What? IT said I needed virus protection!
Current Issue
How Cybersecurity Incident Response Programs Work (and Why Some Don't)
This Tech Digest takes a look at the vital role cybersecurity incident response (IR) plays in managing cyber-risk within organizations. Download the Tech Digest today to find out how well-planned IR programs can detect intrusions, contain breaches, and help an organization restore normal operations.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-13768
PUBLISHED: 2020-06-04
In MiniShare before 1.4.2, there is a stack-based buffer overflow via an HTTP PUT request, which allows an attacker to achieve arbitrary code execution, a similar issue to CVE-2018-19861, CVE-2018-19862, and CVE-2019-17601. NOTE: this product is discontinued.
CVE-2020-13849
PUBLISHED: 2020-06-04
The MQTT protocol 3.1.1 requires a server to set a timeout value of 1.5 times the Keep-Alive value specified by a client, which allows remote attackers to cause a denial of service (loss of the ability to establish new connections), as demonstrated by SlowITe.
CVE-2020-13848
PUBLISHED: 2020-06-04
Portable UPnP SDK (aka libupnp) 1.12.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SSDP message due to a NULL pointer dereference in the functions FindServiceControlURLPath and FindServiceEventURLPath in genlib/service_table/service_table.c.
CVE-2020-11682
PUBLISHED: 2020-06-04
Castel NextGen DVR v1.0.0 is vulnerable to CSRF in all state-changing request. A __RequestVerificationToken is set by the web interface, and included in requests sent by web interface. However, this token is not verified by the application: the token can be removed from all requests and the request ...
CVE-2020-12847
PUBLISHED: 2020-06-04
Pydio Cells 2.0.4 web application offers an administrative console named “Cells Console� that is available to users with an administrator role. This console provides an administrator user with the possibility of changing several settings, including the applicat...