iGaming Cybersecurity: Are We Lagging Behind?

Since the Covid19 lockdown, it’s no secret that the volume of Cyber Attack cases seen in our industry has risen exponentially.

DDOS attacks are the most common. But there is a slew of other types of malware that can potentially pose a critical–and crippling–threat to your good operations.

Despite the inherent, and seemingly self-evident level of threat, the iGaming industry has a lot of catching up to do, warn many insiders and observers.

That’s why we engaged John Engates, Field CTO at Cloudflare, to hear more about the potential cybersecurity-related risks in the market and, equally importantly, learn what we, as an industry, can do to fortify our operations and ensure that iGaming has the necessary protection to build sustainable growth.

When it comes to cyber security, some industry commentators believe the iGaming sector lags behind. Who are the cyber security leaders and what can the iGaming industry learn from them?

iGaming operators have largely adopted cybersecurity measures commonly seen in sectors involving financial transactions and user funds (e.g. financial applications, e-commerce).

As the digitisation of the iGaming industry attracts hackers aiming to steal player funds, or personal data, regulators and operators alike recognise the importance of prioritising player safety and funds security. However, as the threat landscape continues to evolve, there is no definitive endpoint in enhancing awareness and improving procedures and security tooling. Investing in cybersecurity is critical to maintaining brand reputation, ensuring a positive client experience online, avoiding hefty fines and safeguarding the overall financial health of the company.

Operators often employ resource-heavy teams, or rely on multiple vendors, to help fight fraud. What impact does this have on the players’ transaction experience? How can this process be improved?

Ensuring robust fraud prevention and player security should not come at the expense of increased latency, or poor customer experience. Operators must carefully consider the security measures they implement, as well as the player verification steps integrated into the customer journey: from player login to funds cash-out. Operators have numerous options to choose from, with some catering to local market regulations and others offering cloud-based solutions suitable for global operations.

Achieving the ideal customer experience requires balancing these various requirements. Operators must consider methods for 2FA, KYC solutions, Captchas, password recovery, and blocking malicious traffic from the application. For each solution, they need to evaluate its design, effectiveness, cost, ease of use, implementation time and compatibility with current architecture, or long-term security strategy.  Selecting the right security vendor and design should involve a thorough analysis of these factors.

How can Machine-learning and AI-driven tools help operators fight fraud on a global scale?

AI and Machine-learning can play a crucial role in identifying fraudulent patterns in incoming internet requests or player behaviour.

AI and ML enable earlier, more intelligent, and more automated fraud detection — at a significantly reduced cost. With millions of BOT attacks occurring every minute, it’s unfeasible for humans to assess each request and make the right determination in a timely manner. AI and Machine-learning not only serve as preventive measures but also improve incident response time by continuously gathering data and intelligence. The effectiveness of these ML/AI tools depends on the quality and diversity of the data, as well as the fine-tuning of the AI models.

Today’s savvy iGaming customers expect fast, immersive and reliable online gaming experiences. How can Cloudflare help to deliver this?

Players are likely to be globally distributed, while game servers [are often] geographically distant from players. At Cloudflare, we believe that protecting against credential stuffing, DDOS attacks or fighting bots should be fast and not impact the performance of the game.

We achieve this by designing our cloud-based protection to be as close to users as possible, thanks to the global footprint of our network. Spanning 285 cities, reaching 95 percent of the world’s population within approximately 50 ms or less. That allows for a single-pass security inspection to occur at the data centre nearest to the source of traffic, ensuring that security never comes at the expense of performance. We are also in the privileged position of handling a sizable portion of the total Internet traffic, which enhances our depth of understanding of the global threat landscape.

Editor’s note:

After speaking with John, it’s abundantly clear that the iGaming industry will have an ongoing battle with cyber threats and malware well into the future.

The cyber security threat landscape is continuing to evolve. There will never be a definitive endpoint to enhancing awareness and building effective digital tools to defend your business.

Potentially, the development of AI and ML now means the industry can combat threats more efficiently than ever before. Being able to leverage these types of tools will be pivotal to future success and business growth.

We’re looking forward to seeing how companies like Cloudflare can help operators maximise these opportunities.

Published on: