What can the Bears-49ers game teach us about cyber security?

On Sunday, December 23rd, the Chicago Bears will travel to the Bay Area for the second-to-last game of the season against the San Francisco 49ers.


The Bears are riding high, with the league’s most dominant defense and a shot at best season record in their conference. The 49ers, on the other hand, are bouncing back after losing their starting quarterback to a devastating knee injury and skidding into a six-game losing streak.


Check Point Software is proud to sponsor both teams, making it no coincidence that the 49ers and the Bears’ 2018 seasons, in parallel, offer key insights on stopping modern, fifth-generation cyber attacks.


Setting the Stage For Sunday


Three weeks in September changed the course of the 2018 NFL season.


On September 1, the Chicago Bears traded away their draft assets for Khalil Mack, gaining the single best player at the second most important position for the rest of the season.


On September 23, the San Francisco 49ers saw their starting quarterback, Jimmy Garoppolo, tear his ACL in Kansas City, losing the then-highest-paid player at the single most important position for the rest of the season.


The Chicago Bears, who weren’t viewed as much of a threat before this season, have seen Khalil Mack’s transcendent talent elevate the play of the entire defense. The San Francisco 49ers, who were thought to make a run at the playoffs, have been on a roller coaster of a season, enduring a six-game losing streak before a young third-string quarterback emerged as an unlikely hero.


In Khalil Mack, and in the 49ers’ surprise midseason messiah, lie cyber security wisdom.


Cyber Criminals and NFL Defenses Both Need Their Edge


Khalil Mack’s role is fairly simple: get to the quarterback, by any means necessary. Mack does this better than nearly anyone in the league because he shares the same quality that the most threatening cyber criminals have: he’s polymorphic and can spread laterally.


He can use his strength and power for a physical bull-rush just as well as he can use his speed and flexibility to outrun the players protecting the quarterback. His combination of skill, agility, quickness, strength, explosiveness, and awareness is one-of-a-kind for his position, and he’s single-handedly won games by completely disrupting the opposing offense during critical moments.


The modern cyber attack is polymorphic – all it needs is one vulnerability, one infected entryway, to spread laterally within the network to infect the most critical assets. One employee’s smartphone getting hacked can lead to an entire database breach.


Smart NFL offenses prepare for Mack by proactively designing counter-plays that involve short, quick passes to the sides of the field, away from the defenders swarming the quarterback. Every layer of the offense – from the quarterback to the blockers to the pass-catchers to the coach – need to be on the same page when a fearsome opponent like Mack is on the field.



Smart companies prepare for Gen V attacks by securing every element of their cyber assets – from every mobile device to the cloud to the network, utilizing a unified security solution that leaves no gaps in the system. Every layer of the security environment needs to be on the same page, and most critically, they need proactive threat prevention that stops attackers before they can cause any damage.


Failing To Plan is Planning to Fail


When Nick Mullens walked in to the San Francisco 49ers facility for his pre-draft interview, the legend goes, the team thought he was there to interview for an office job. The short, skinny kid in a tan suit was surely there for an internship upstairs. “He reminds me of my son!” remarked one coach.


But Mullens was there to play quarterback.


The 49ers gave him a shot on the practice squad, a backup’s backup, an insurance policy in the case of injury. Mullens earned the coaches’ respect by memorizing the playbook cold and diligently asking questions – he approached every week as if he were starting the game himself.


After the franchise’s crown jewel, Jimmy Garoppolo, went down on that fateful September afternoon, Mullens moved up to become the primary backup. The new starter, CJ Beatherd, looked like the traditional quarterback: tall, strong, and with a rocket arm that could hurl the football all the way across the field.


But playing quarterback professionally takes more than just physical talent, and Beatherd struggled with the speed and complexity of the game. It was time for Mullens to shine.



Since he took over, the 49ers went 3-3 as Mullens ranked in the top 5 for yards thrown per pass while setting franchise records. While he can’t throw as hard or as far or as fast as most quarterbacks in the NFL, he can diagnose defensive formations, knowing the scheme so well that he could correctly adjust the playcall a split-second before the play starts in order to best exploit the defense’s vulnerability.


Cyber security teams need to take the Mullens approach to defending their critical, digital assets.


  • Prepare like your company will face a massive cyber-attack tomorrow, with the same diligence and curiosity that Nick Mullens does when he’s watching game film.
  • Do the “little things” – maintain cyber hygiene by patching your IT servers, constantly educate your employees about cyber threats, etc – before they cause big problems.
  • Know your enemy and understand the modern threat landscape – cyber attackers are targeting cloud and mobile assets, knowing that most companies either don’t protect those layers or have disconnected point solutions that won’t protect the entire system.


And most importantly, proactively get ahead of the cyber criminals by having threat prevention tools in your security arsenal. The blitz – ransomware, mobile malware, cryptojacking, and the Khalil Mack-level Gen V attacks – will come for your company.


Be ready.


As we gear up for the game on Sunday, with Check Point sponsored gameday program guides at Levi’s Stadium, we’ll be looking to see how Nick Mullens can try to outsmart the league’s best defense. And while the game may end after four quarters, the cyber criminals will still be plotting their attacks on enterprises of all shapes and sizes.


Follow Check Point on Twitter, LinkedIn, and Facebook to stay up-to-date on the latest in cyber security, threat intelligence, and threat prevention.