We catch up with Leon Allen, Director of Cybersecurity at Continent 8 Technologies, to discuss recent attacks against the physical and online gaming sectors, with bad actors exploiting vulnerabilities and seeking to access private and confidential user data. Vulnerabilities are a serious problem for gaming companies, but the good news is that 88% of all data breaches can be attributed to employee error, meaning people have a bigger role to play when it comes to ensuring businesses are safe. As businesses face an increasingly challenging landscape, constant review of policies and commitment to employee training is the gaming industry’s strongest bulwark against this growing threat.
Q: Can you comment on the recent attacks on major gambling companies in the sector (Caesars, MGM Resorts and even online platforms like Stake.com have all been attacked in recent months)? What do you think about it?
The gaming industry is one of the most targeted, and this can be clearly seen in the recent spate of high-profile operators who have fallen victim to the incredibly sophisticated and complex methods being deployed by cybercriminals. Why is it one of the most attacked sectors? There are many reasons.
It is a growing industry with a large customer base that generates billions of dollars in revenue each year. This makes it perfect for those seeking ill-gotten financial gains. What’s more, online sports betting and casino operators often use multiple web applications and APIs, presenting many opportunities for attackers to gain access to their systems and networks.
That said, it’s important to understand that human error was to blame for the recent attacks, and this is something we’re seeing more and more. Statistics show that 88% of all data breaches are caused by employee error, and this makes human error the biggest weakness for most operators and providers.
That’s why it’s so important for organizations to take a multi-tiered approach to cybersecurity and ensure all employees (from the board of directors on down) are cyber-aware through regular training. This is the only way to ensure true resilience.
Q: Is anyone sure: player data, company data? Are businesses and consumers in this sector realizing that their data will eventually be stolen?
Recent high-profile attacks in our industry and others highlight a critical shift in cybersecurity thinking. Now it’s a matter of when an attack will be launched against an organization, not if. It is no longer enough to wait for prevention; an organization must be fully prepared for an inevitable breach with no business being immune. In fact, based on recent attacks, the larger the company and the higher its profile, the more likely it is to fall into the crosshairs of cyber attackers.
That’s why companies must prioritize cybersecurity, and this requires buy-in and support from the top of the organization, whether it’s the board of directors or senior management. While this will come at a cost to any business, the losses incurred from a successful attack or data breach far outweigh the initial and ongoing investment required to ensure resilience. This investment should cover a multi-layered approach, including DDoS and WAAP protection, as well as MDR/EDR and SIEM/SOC, as well as the necessary employee training.
Resilience also depends on the individual, with many ways for employees to better protect themselves and the broader business from a cyberattack. This includes using multi-factor authentication, keeping software up to date, and using strong passwords. Of course, some employees won’t be aware of these things without being trained first.
Q: How do we overcome this and what can companies do to restore public confidence in their products? We saw that MGM Resorts investors did not react as negatively to the news of the attack. From a business standpoint, investors seem to have developed a thick skin for this sort of thing, but that doesn’t make it suitable for consumers.
After an attack, the organization should review policies and best practices to prevent a recurrence. Communication with employees and customers is also key: be as open and honest as possible and dedicate resources to supporting customers directly affected by the attack or breach. By analyzing the attack and learning from it, the organization can strengthen its cybersecurity defenses and prevent a similar attack from happening again; remember, most attacks succeed due to human error, so better training is often all that is needed to significantly improve resilience.
The global online gaming industry is tightly regulated in the vast majority of markets and cybersecurity should be considered part of an organization’s compliance obligation. In regulated US states, for example, operators and providers must have specific infrastructure and processes in place when it comes to cybersecurity. Take Pennsylvania, for example, which has requirements around having a board-approved information security policy that conforms to the standards of the most recent version of the NIST Cybersecurity Framework (a set of guidelines to mitigate the risks of organizational cybersecurity). The West Virginia Lottery requires annual external vulnerability assessment and penetration testing (VAPT).
Q: Are CTOs prepared for this level of threat or are they simply realizing that they are filling a position that would require a lot of work and effort?
Cybersecurity is an evolving threat and it is incredibly difficult to keep up with the ever-changing threat landscape. In most organizations, IT and security teams are overwhelmed and, in some cases, drowning. Alarming statistics reveal that only 4% of alerts are actually investigated, while almost two-thirds of internal teams suffer from alert fatigue. This is why businesses need to work with cybersecurity partners like Continent 8 Technologies, as this ensures they are prepared to deal with the critical threats their businesses will face.
Q: Do you think the industry recognizes the urgency of the issue and what steps can be taken to safeguard consumer and business data in the future?
The industry is acutely aware of the risks and threats it faces, and recent high-profile attacks have pushed cybersecurity to the top of the boardroom agenda. But cybersecurity is not new: at Continent 8 we have been protecting the industry for more than twenty years. But the sophistication and complexity of attacks are reaching new highs, and organizations must keep pace if they want to be truly resilient. Cyber attackers will continue to attack the industry for many years to come, and all companies must do what is necessary to protect themselves because an attack is coming.
Image credit: Casino Guru News