The cybersecurity attack surface has grown exponentially over the last decade, and many organizations aren’t doing enough to prepare their teams to defend against cyber-attacks. The frequency and scope of these attacks have significantly increased across all industries, especially gaming. Why are casinos and gaming firms a prime target for cybercriminals? Because they are flush with cash and player data.
Recent Casino Gaming Breaches
One of the most famous breaches was in Las Vegas. The organization’s high-roller player tracking database was exfiltrated off the trusted network in 2018 through an IoT thermometer in a fish tank. More recently, in Oklahoma, six Lucky Star Casinos were hit with a ransomware attack just last summer. These cyber-attacks are putting the security of these organizations to the test, often leaving them unable to conduct daily operations until systems are restored, and data is recovered.
There are a few questions that every organization should answer regarding cyber defense.
- Are the proper controls in place to prevent an attack?
- How quickly can we detect an attack when it occurs? How do we respond?
- How quickly can we recover in the aftermath of an attack?
Preventing a cyber-attack is ideal; however, detecting an attack and providing an appropriate response is critical to thwarting a potential disaster. The IT recovery efforts, operational downtime, and reputation & brand damage will always cost more than a small investment upfront to improve your security posture.
Where to Start
A good starting point is to complete a health check of your system’s security posture and determine the current state of your environment. With this information, you can determine what you want your future state to look like and put a plan in place to address the most risk with the least effort. While a yearly assessment is a good first step, it is also crucial to be able to continuously report on Security Risks. Throughout normal IT and Security operations, the administration and configuration of those settings will drift over time. Staying on top of these changes will drive continuous improvement and compliance in your organization. Last but not least, and probably the most important thing you can do, is to protect all identities with MFA and ensure that the right user has access to the right resources for the right reasons and from the right place.
Invest in your cybersecurity program and reduce your risk of someone stealing your data or money and wreaking havoc within your network. The amount of money you spend preparing for an attack will be minimal compared to the brand damage, loss of customer trust, regulatory fines, and financial damage from not being able to operate your business and not to mention the cost to recover those affected systems.
Cybersecurity in Casino Gaming is a topic that we discuss every day. Feel free to check out some of what Solutions II does for our Gaming clients. Be sure to sign up for our blog notifications (at the top of the page) to receive an email when new information is posted from our experts.