With football season just around the corner, we at Panorays decided to test the strength of NFL teams’ cyber defenses.
We did this by simulating a hacker’s view to uncover cyber gaps on NFL team websites and digital assets. Above all, we wanted to know: Would there be any correlation between how teams played on the field and how their websites withstood cyberattacks?
The results are in, and we have some surprising predictions for the upcoming season. And as part of our motivation for this research, we aim at winning an Ig Nobel prize!
“We will keep our ports closed and you will have your certificates trusted!”
Surprisingly, some teams excel at cyber defense more than defense on the field.
|Team||Panorays Cybersecurity Rating||NFL Standing|
|Kansas City Chiefs||#1||#10|
|New York Jets||#2||#27|
|Los Angeles Rams||#4||#6|
Take, for example, the New York Jets and the Miami Dolphins. These two teams were not that successful last year during football season, but their security posture is quite good compared to the other teams. The Jets ranked #2 on Panorays, compared to #27 in the season, and the Dolphins ranked #3 for cyber posture, compared to #22 during the season.
Is it possible that they are focusing on cybersecurity more than football?
“If you find a flash drive outside the Dolphins offices, don’t plug it into our computers and servers!”
In fact, overall we found that there was no correlation between NFL standings and teams’ cyber posture. This can be seen in the graph below, where we mapped the top 10 teams with the highest Panorays cyber rating and their standings in the NFL:
Undeterred, we continued with our research to uncover some sort of pattern.
We hypothesized that the teams with the largest franchises and highest revenues would likely invest more in cybersecurity. But as indicated on the chart below, this was not necessarily the case.
|Team||Panorays Cybersecurity Rating||Franchise Ranking||2016 Revenues Ranking|
|Kansas City Chiefs||#1||#24||#25|
|New York Jets||#2||#9||#7|
|Los Angeles Rams||#4||#6||#20|
In fact, we discovered that the Chiefs, who received the highest ranking for cybersecurity, were not even close to having the highest revenue or largest franchise.
We also presumed that the most secure teams would have less digital assets to attack. We found that this was indeed true.
|Team||Panorays Cybersecurity Rating||Digital Assets Ranking|
|Kansas City Chiefs||#1||#31|
|New York Jets||#2||#11|
|Los Angeles Rams||#4||#32|
This result made sense, since less digital assets result in a smaller attack surface, and thus a better cybersecurity posture.
What motivates hackers? Money, secrets, fun and revenge (served cold).
Multiple resources on the web indicate that the Pats are the most hated team in the NFL — a consequence, perhaps, of their success on the field. Interestingly, we discovered that the Pats have a consistently strong cybersecurity rating; they are ranked #12 out of all the NFL teams. Could it be because they are expecting more hackers than other teams?
Meanwhile, the Dallas Cowboys ranked #2 as the most hated, while the Philadelphia Eagles ranked #3. Based on this parameter, both teams need to improve their cyber defense efforts.
We tried to come up with a correlation between various cybersecurity categories and football-related categories.
For example, we compared football interceptions to SSL cybersecurity postures. Is there a correlation between teams that know how to defend their SSL postures and teams with good interceptions ratings?
|Team||Panorays SSL Rating||NFL defense interceptions 2017|
|Kansas City Chiefs||#1||#9|
|New Orleans Saints||#2||#3|
|Los Angeles Rams||#3||#6|
Surprisingly, we found that teams with good SSL cyber posture are also ranked high on the list for the most interceptions during the 2017 season.
Yes! We can log in without worries!
We went the extra mile and decided to compare mail server cyber posture to passing in football. Does the team with the best mail server cyber posture rank among the highest for passing in the NFL?
|Team||Panorays Mail Server Rating||NFL offensive passing 2017|
|Kansas City Chiefs||#2||#7|
|Los Angeles Rams||#3||#10|
Looks like we can use some of Deshaun Watson’s passing abilities to make our mail server more secure.
The final test was to see if teams with good web server cyber posture are also good at defense. For this category, we used sacks as our defensive measurement:
|Team||Panorays Web Server Rating||NFL Defense sacks 2017|
|Los Angeles Chargers||#2||#5|
|San Francisco 49ers||#3||#26|
At this point we started to seriously think about applying for a potential new position in the NFL as cyber coordinator.
The Kansas City Chiefs were found to be the team with the best cyber security posture! We predict that they could very well be the champions of the NFL 2018 season.
In security, we always say that the best defense is a good offense, and as the Chiefs were ranked #5 on both defense and offense in the 2017 regular season, we can see they are doing something right here.
Of course, they haven’t won the Super Bowl since 1970. But you never know.
I am a Steelers fan, and I’d like to take this opportunity to wish the team luck this season. I’m sure they will make us proud!
I wish all football fans a great season!