The Bitter Sweet Sixteen: Hackers May Cause March Madness


Companies try hard to stop their employees from viewing NCAA tournament games each March. Human resource departments struggle to stop employees from watching their favorite teams. So much so that the NCAA March Madness application has a “boss mode” that will change the tournament live stream into a fake spreadsheet. 

But should companies be paying attention to their employees’ viewing habits or should they turn their attention to a different threat lurking in the shadows? 

Hackers live for these kinds of events because more people use their internet of things (IoT) web-connected devices at work to watch NCAA tournament games, Ofer Amitai, CEO of cybersecurity solutions company Portnox, told Bloomberg BNA. These cybercriminals always try to find “a hook into something that consumers love” to launch phishing, malware, botnet and other kinds of cyberattacks, he said. 

If hackers are successful, they’ll be able to glean important corporate information in addition to the troves of email addresses, credit card numbers, password information and other sensitive consumer data, Amitai said. 

There’s also big money on the line in addition to the troves of consumer data available to hackers. In 2014, Warren Buffet, the CEO of Berkshire Hathaway, insured a $1 billion prize by Quicken Loans Inc. if someone successfully picked the perfect bracket, according to Bloomberg View. Although the odds of picking a successful bracket is 1 in 9 quintillion, if a cybercriminal is able to successfully alter a bracket or disrupt a game in any manner the action could have serious financial consequences. 

Companies need to up their cybersecurity posture during these big events that will draw more web traffic, Amitai said. Generally, companies should use controls to limit what devices are connected to protected internal networks, limit applications installed on corporate devices and educate employees on how to avoid those costly phishing schemes. 

Alternatively, companies could allow employees to watch the NCAA tournament games through approved websites, Amitai said. Employees that are allowed to watch games may be a bit distracted during the day but won’t harm corporate networks or add costly cybersecurity risk to the company, he said. In fact, March Madness may even make workers more productive and happy throughout the day, according to Bloomberg News

At the end of the day, “cybersecurity is translated into dollars and cost for the organization” and the cheapest counter-measure is to let employees watch the games, Amitai said.

On, Wisconsin!

To keep up with the constantly evolving world of privacy and security sign up for the Bloomberg BNA Privacy and Security Update.