Elad Shapira

Which NFL Teams Have the Best Cyber Defense?

NFL blue color

With football season just around the corner, we at Panorays decided to test the strength of NFL teams’ cyber defenses.

We did this by simulating a hacker’s view to uncover cyber gaps on NFL team websites and digital assets. Above all, we wanted to know: Would there be any correlation between how teams played on the field and how their websites withstood cyberattacks?

The results are in, and we have some surprising predictions for the upcoming season. And as part of our motivation for this research, we aim at winning an Ig Nobel prize!

Cyber Defense vs. Football Defense

NFL1“We will keep our ports closed and you will have your certificates trusted!”

Surprisingly, some teams excel at cyber defense more than defense on the field.


Team

Panorays Cybersecurity Rating

NFL Standing

Kansas City Chiefs

#1

#10

New York Jets

#2

#27

Miami Dolphins

#3

#22

Los Angeles Rams

#4

#6

Pittsburgh Steelers

#5

#4

Take, for example, the New York Jets and the Miami Dolphins. These two teams were not that successful last year during football season, but their security posture is quite good compared to the other teams. The Jets ranked #2 on Panorays, compared to #27 in the season, and the Dolphins ranked #3 for cyber posture, compared to #22 during the season.

Is it possible that they are focusing on cybersecurity more than football?

nfl2

“If you find a flash drive outside the Dolphins offices, don’t plug it into our computers and servers!”

In fact, overall we found that there was no correlation between NFL standings and teams’ cyber posture. This can be seen in the graph below, where we mapped the top 10 teams with the highest Panorays cyber rating and their standings in the NFL:

nflgraph

Undeterred, we continued with our research to uncover some sort of pattern.

The Role of Revenue, Size and Digital Assets

We hypothesized that the teams with the largest franchises and highest revenues would likely invest more in cybersecurity. But as indicated on the chart below, this was not necessarily the case.

Team

Panorays Cybersecurity Rating

Franchise Ranking

2016 Revenues Ranking

Kansas City Chiefs

#1

#24

#25

New York Jets

#2

#9

#7

Miami Dolphins

#3

#12

#19

Los Angeles Rams

#4

#6

#20

Pittsburgh Steelers

#5

#16

#13


In fact, we discovered that the Chiefs, who received the highest ranking for cybersecurity, were not even close to having the highest revenue or largest franchise.

We also presumed that the most secure teams would have less digital assets to attack. We found that this was indeed true.


Team

Panorays Cybersecurity Rating

Digital Assets Ranking

Kansas City Chiefs

#1

#31

New York Jets

#2

#11

Miami Dolphins

#3

#21

Los Angeles Rams

#4

#32

Pittsburgh Steelers

#5

#13


This result made sense, since less digital assets result in a smaller attack surface, and thus a better cybersecurity posture.

The Human Factor

What motivates hackers? Money, secrets, fun and revenge (served cold).

Multiple resources on the web indicate that the Pats are the most hated team in the NFL — a consequence, perhaps, of their success on the field. Interestingly, we discovered that the Pats have a consistently strong cybersecurity rating; they are ranked #12 out of all the NFL teams. Could it be because they are expecting more hackers than other teams?

nfl3

Meanwhile, the Dallas Cowboys ranked #2 as the most hated, while the Philadelphia Eagles ranked #3. Based on this parameter, both teams need to improve their cyber defense efforts.

Cybersecurity and Football Stats

We tried to come up with a correlation between various cybersecurity categories and football-related categories.

For example, we compared football interceptions to SSL cybersecurity postures. Is there a correlation between teams that know how to defend their SSL postures and teams with good interceptions ratings?

Team

Panorays SSL Rating

NFL defense interceptions 2017

Kansas City Chiefs

#1

#9

New Orleans Saints

#2

#3

Los Angeles Rams

#3

#6

Baltimore Ravens

#4

#1

Jacksonville Jaguars

#5

#2


Surprisingly, we found that teams with good SSL cyber posture are also ranked high on the list for the most interceptions during the 2017 season.

nfl4

Yes! We can log in without worries!

We went the extra mile and decided to compare mail server cyber posture to passing in football. Does the team with the best mail server cyber posture rank among the highest for passing in the NFL?


Team

Panorays Mail Server Rating

NFL offensive passing 2017

Houston Texans

#1

#21

Kansas City Chiefs

#2

#7

Los Angeles Rams

#3

#10

Jacksonville Jaguars

#4

#17

Denver Broncos

#5

#20

Looks like we can use some of Deshaun Watson’s passing abilities to make our mail server more secure.

The final test was to see if teams with good web server cyber posture are also good at defense. For this category, we used sacks as our defensive measurement:


Team

Panorays Web Server Rating

NFL Defense sacks 2017

Pittsburgh Steelers

#1

#1

Los Angeles Chargers

#2

#5

San Francisco 49ers

#3

#26

Dallas Cowboys

#4

#15

Cincinnati Bengals

#5

#11

Boom!

At this point we started to seriously think about applying for a potential new position in the NFL as cyber coordinator.

Our Prediction for the Winning Team

The Kansas City Chiefs were found to be the team with the best cyber security posture! We predict that they could very well be the champions of the NFL 2018 season.Kansas_City_Chiefs-1

In security, we always say that the best defense is a good offense, and as the Chiefs were ranked #5 on both defense and offense in the 2017 regular season, we can see they are doing something right here.

Of course, they haven’t won the Super Bowl since 1970. But you never know.

Personal Note

I am a Steelers fan, and I’d like to take this opportunity to wish the team luck this season. I’m sure they will make us proud!

I wish all football fans a great season!

Elad


Posts containing: