iGaming Cybercrime: What Can We Learn from the US$15m Caesars Attack?
The iGaming industry is thriving and continues to grow year-on-year, however, with this increased rate of inline traffic comes the heightened risk of cyber-attacks.
All too often, issues of cyber security are treated as an afterthought and the importance isn’t realised until it’s too late.
Recent high profile events in the media, such as the US$15 million Ransomware attack on Caesars has proven once again that our industry is significantly under-prepared in regards to our cybersecurity status.
So we spoke with Danie Mayer, Senior Compliance Manager for leading online security firm eCOGRA to find out why we, as an industry, should be doing more to prioritise issues of online safeguarding and more importantly, what practical steps operators can make to strengthen their own defences going forward.
The issue of cybercrime within our industry has been pushed to the forefront yet again as Caesars recently succumbed to a ransomware attack to the tune of $15m. Do you think high-profile issues like this will help to change a largely unenthusiastic attitude towards cybercrime by the iGaming industry?
“Cybercrime poses a significant and ever-present threat to the iGaming industry, with the potential to inflict substantial financial losses, severe reputational damage, legal repercussions, and customer discontent. The recent ransomware attacks in the iGaming sector serve as a glaring reminder of the imperative for robust cybersecurity measures and practices to safeguard the industry. Cybercriminals persistently adapt their tactics and tools, relentlessly exploiting emerging vulnerabilities while circumventing existing defences.
“The iGaming sector should ensure a collective commitment to enhance cybersecurity across the industry. High-profile incidents should serve as catalysts, prompting stakeholders to review their investments in comprehensive cybersecurity solutions, training programs, and rigorous cybersecurity assessments by independent third parties.
“The iGaming industry must acknowledge the need for action and embrace cybersecurity as an integral aspect of its operations. Heightened awareness and a proactive approach are imperative in safeguarding the industry’s reputation. By continually adapting to evolving threats and implementing robust cybersecurity measures, the iGaming sector can mitigate risks and ensure a safer and more resilient environment for all stakeholders involved.”
Considering the heightened level of threat from cyber-attacks in our industry, especially since COVID-19, do you think the iGaming industry’s current level of security is sufficient? What more can be done by operators to improve this?
“In the ever-evolving landscape of the iGaming industry, the spectre of cyber-attacks looms larger than ever. As we navigate this digital era, the question of whether the current security measures within the iGaming sector are adequate becomes not just a matter of operational concern but a critical examination of our collective resilience.
“The traditional paradigms of security, once presumed sufficient, are now strained under the weight of sophisticated cyber threats. It’s not merely about controls; it’s about orchestrating a symphony of defences that anticipates, adapts, and prevents in real time. Operators must transcend the reactive stance and embrace proactive strategies.
“Enhancing cybersecurity posture requires a multi-faceted approach. First and foremost, a cultural shift is imperative. Cybersecurity should cease being a IT department concern; it must become the heartbeat of the organisational culture. Every stakeholder, from C-suite executives to front-line employees, should be filled with a sense of collective responsibility.
“Technical fortifications must be equally robust. The adoption of cutting-edge technologies, from advanced threat detection systems to artificial intelligence-driven analysis, may be a necessity.
“Industry-wide sharing of threat intelligence, collaborative research endeavours, and cross-sector partnerships can support our collective defences. The cliché holds true: united we stand, divided we fall. The interconnected nature of the digital landscape necessitates a united front.”
Cybercrime is an issue that impacts every online industry across the globe. Are there any industries in particular that you feel are leading the way in the battle against it and what can the iGaming industry learn from them?
“Several industries have set exemplary standards for robust cybersecurity measures, and they serve as valuable models for the iGaming sector. These leading industries encompass Financial Services, Government and Defence, and Energy and Critical Infrastructure to name a few.
“Banks and financial institutions have long stood at the forefront of cybersecurity due to the sensitive nature of their data. They employ advanced security measures, including encryption, multi-factor authentication, and real-time fraud detection, to protect customer information and financial assets.
“Tech companies specialising in cybersecurity solutions are natural leaders in the field. Their constant innovation and development of cutting-edge technologies enable them to stay ahead of emerging cyber threats and provide robust protection to their clients.
“Government bodies often collaborate with the private sector to implement comprehensive cybersecurity strategies. These strategies may include threat intelligence sharing, network segmentation, and continuous monitoring to safeguard critical systems and national security.
“To draw valuable lessons from these industries, the iGaming sector may consider the following measures:
“Investment in Cybersecurity: Allocate resources and budgets to bolster cybersecurity measures. This includes continuous monitoring and collaborating with organisations like eCOGRA to conduct regular security audits, vulnerability scanning, and penetration testing.
“Data Encryption: Implement robust encryption for all data in transit and at rest, particularly sensitive customer and financial information, to mitigate the risk of unauthorised access.
“User Education: Educate employees and users about cybersecurity best practices to reduce the susceptibility to social engineering attacks, such as phishing.
“Incident Response Plan: Develop and regularly update an incident response plan to effectively manage cyber incidents, minimising potential damage and downtime.
“Collaboration: Collaborate with cybersecurity experts, industry peers, regulators, and law enforcement agencies to share threat intelligence and stay informed about emerging threats. Collective knowledge is a powerful defence.
“Compliance: Adhere to relevant cybersecurity regulations and standards to ensure legal and ethical operations while also enhancing overall security posture.
“It is imperative to recognise that the cybersecurity landscape is ever evolving, with new challenges continually emerging. Consequently, maintaining vigilance, adaptability, and proactive measures is crucial for the iGaming industry, as it seeks to effectively combat cybercrime and ensure a secure environment.”
Many industry operators don’t fully appreciate the value of cybersecurity until it’s too late. How can work with solutions providers like eCOGRA help operators with early intervention and communicate the value of this to budget holders?
“Early intervention in cybersecurity involves proactive measures to identify and mitigate potential threats before they escalate into full-scale attacks. eCOGRA’s team of ethical hackers perform vulnerability scanning and penetration testing across its client’s software and systems to proactively identify vulnerabilities and to mitigate risks. Security assessments play a pivotal role in identifying vulnerabilities and patching weaknesses.
“Businesses can leverage eCOGRA’s assessments as powerful tools in their communication strategy. When a reputable third-party like eCOGRA assesses and certifies where relevant the cybersecurity measures of a business, it not only validates their efforts but also provides tangible evidence of their commitment to protecting the organisation and most importantly, it’s customers.
“Cybersecurity is not just a necessity; it’s a strategic asset that can protect the reputation and financial stability of a business. By working with experts like eCOGRA, businesses can take a proactive stance in safeguarding their operations and reassuring stakeholders that cybersecurity investments are a wise and necessary choice. It’s about not waiting until it’s too late to appreciate the importance of cybersecurity in today’s digital landscape.”
Danie clearly believes Cybercrime poses a significant and persistent threat to the iGaming landscape, with the potential to inflict substantial financial losses, severe reputational damage, legal repercussions, and customer discontent.
The type of attacks we’re witnessing continue to evolve and it can be a challenge to stay up to date with the latest developments. However, with heightened awareness and a proactive approach to safeguarding the industry’s reputation, leveraging innovative new tools such eCOGRA’s, we have a better chance of adapting to evolving threats and implementing robust cybersecurity measures, to effectively mitigate risks and ensure a safer, more resilient environment for both the operator and the player.