What Super Bowl LII Ads Can Teach You about Privileged Account Security

February 5, 2018 Katie Curtin-Mestre

It is the day after Super Bowl LII, and sadly, Patriots fans did not wake up savoring the good feeling of their sixth Super Bowl win with Tom Brady. In our household, there is now a temporary ban on sports radio until talk of this Super Bowl dies down over the airwaves.

Although the game was a big disappointment for Patriots players and fans alike, this year’s Super Bowl ads delivered some fun and entertainment. As I sip my morning coffee, I’m recalling some of my favorite and least favorite ads of Super Bowl LII and drawing parallels between them and cyber security—privileged account security in particular.

So let’s start with (arguably) my least favorite ads of this Super Bowl. One is the Intuit TurboTax ads which featured a poorly animated creature hiding under the bed. The other ad featured a Casper-like ghost hiding in the attic which played much better. The main message of both ads was that U.S. tax payers should not fear or delay filing their taxes. Instead, they should get started now with the friendly assistance of TurboTax’s experts.

And how might this Super Bowl ad relate to privileged account security you ask? Security teams also face hard deadlines and often feel overwhelmed trying “get it all done.” Some organizations delay moving forward with a comprehensive privileged account security program because they don’t know where to begin. But just like April 15 and the “tax man who cometh,” infrastructure and applications will get breached, so it’s essential to proactively mitigate the risks associated with privileged accounts and credentials—whether the risks comes from human error, malicious insiders, or external attackers.

Security teams don’t have to wait until the proverbial April 14 to get started; a good resource to consider is CyberArk’s CISO View report titled, “Rapid Risk Reduction: A 30-Day Sprint to Protect Privileged Credentials.” This report provides an inside look at the lessons learned from several high-profile data breaches and offers a proven framework for an intensive sprint of approximately 30 days to implement a set of controls around privileged credentials.

But what about the best Super Bowl LII ads? Can we learn anything about privileged account security from these as well? But of course!  My top three favorite ads were Fire and Ice for Doritos and Mt. Dew, Amazon’s Alexa gets some new voices, and the NFL ad featuring Eli Manning and Odell Beckham’s “Dirty Dancing.”  Although the Alexa ad has some obvious cyber security angles (who hasn’t read stories about the “what ifs” of your smart home devices getting hacked), I am going to explore the privileged account security connections of the Manning and Beckham ad instead.

Now the connection to privileged account security for this ad is a tad more subtle than the TurboTax ad. This ad made me think about the organizational issues that sometimes get in the way of companies moving forward with any type of cyber security program, whether privileged account security-related or otherwise. Instead of the harmonious flow of Beckham and Manning and the rest of the team dancing in the background, organizations often let discord between the different parts of the company (security, IT operations, DevOps and developers) get in the way of tackling the security risks that they know are out there and need to get addressed. The consequences of not addressing these risks is, of course, far more serious than a missed touchdown pass or the sack that sealed the Patriot’s defeat at the end of the game.

So, what was your favorite Super Bowl LII ad and why? Let us know via Twitter @CyberArk or @kcmestre.

Previous Article
Feels like a Cyber Security Groundhog’s Day
Feels like a Cyber Security Groundhog’s Day

Feels like a Cyber Security Groundhog’s Day

Next Article
New Research Paper: Pass-the-Hash Detection
New Research Paper: Pass-the-Hash Detection

CyberArk Labs recently published a preview of research on our Threat Research Blog exploring ways to detect...