We owe our information security teams the same kind of focused support the NFL provides to its officials, coaches and teams. The job is challenging. The stakes are high. And they “only need to be wrong once.”
We recently completed a tabletop incident response exercise for a large customer of ours. We made a point of complimenting the CISO, our main contact at the financial institution, on the great job he does ensuring the safety and security of his bank. He quickly brushed aside the praise and admonished us (and his executive team) with, “I only need to be wrong once!”
He’s right. And if you are a CISO or information security professional, I am sure you can empathize. At DefenseStorm, our customers send us on average almost 90 million log events every day. That’s a big hill to climb while worrying about “one mistake”.
At some level, that’s the nature of the job. But the pressure not to have a negative impact is huge. And the Super Bowl on February 13, pitting the Rams against the Bengals, made me think of this conundrum a couple of times.
In the first case, one of the officials made “one mistake”. And it cost the Rams a touchdown! As you can see in the picture on the right, Bengals’ receiver Tee Higgins clearly grabbed the facemask of Rams defender Jalen Ramsey. The official missed it. There were 127 plays in this game. The official missed one call. And the result is clear in the picture on the right: an easy touchdown for Cincinnati.
Later in the game, Bengals’ linebacker Logan Wilson fell victim to the “one mistake” dynamic. And it may have cost his team the Super Bowl. Thomas was on the field for 74 plays, including 100% of the Bengals’ time on defense in this game. He made one mistake. On third and goal, with less than 2 minutes left in the game and the Bengals up by 4, Wilson held the jersey of Rams WR (and the ultimate Super Bowl MVP) Cooper Kupp. This time, the official didn’t miss the call. Wilson made “one mistake” and now lives in Super Bowl infamy. That penalty gave the Rams a fresh set of downs, and they took advantage of his mistake and walked off the field champions.
The NFL’s officials will certainly review the missed call on the Tee Higgins touchdown. The official will get coaching and instruction on how not to make the same mistake again. The league might even consider changing its replay rules. The same is true for Wilson. That hold will be reviewed on film with his coaches. And the Bengals’ defensive staff will try to adjust his technique to prevent future mistakes.
We owe our information security teams the same kind of focused support. The job is challenging. The stakes are high. And they “only need to be wrong once.”