In a KPMG webinar, Nicole Solaita said that cyber-threats in the gaming sector are “our new normal”.
The operator should also ask how often it can happen.
Solaita, reflecting on the cyber attack that had a huge impact on Caesars in September last year, told her audience: “Unfortunately, I have realised this will be the new normal for corporates.”
Training and education are essential in this area. “But as much you prepare and train, some of the cyber attacks have not been that sophisticated.”
The cyber attack against Caesars last year was the result of a social-engineering attack targeting outsourced IT services.
They had also obtained a copy Caesars loyalty program database. The attackers had obtained the social security and driver’s license numbers of several members.
Training your staff is essential
Solaita emphasized the difficulties in training employees to recognize cyber security concerns, since many of these attacks are unsophisticated.
Solaita explained that “it comes down to social engineering. You can be frustrated by this because you have trained people, but for some reason, I believe that some of it is fleeting. When they are in the situation and receive a phone call, request, or instruction, they may not use their critical thinking instinctively and go into autopilot.”
We’ll have to put in all of our effort into this area and make sure that everyone is aware of the dangers and knows how to be vigilant at all times.
Cory Fox is FanDuel’s VP of product compliance and market expansion. He noted that the gaming world online was very different. He added, however, that the challenge of protecting customer data was still present.
We are heavily investing in online safety. “We do quite a bit of training in cybersecurity, to the extent that those of us that are good at identifying fake emails find it annoying. But we receive a lot of them each month so that we can all stay on our toes,” Fox said to the panel.
The current cyber-attack architecture is also viewed as a risk due to its simplicity.
Investors raise concerns about cybersecurity
KPMG’s report on the state of gaming risk said that investors are becoming increasingly worried about cyber risks. The US Securities Exchange Commission was prompted to introduce comprehensive new regulations.
They are designed to ensure that companies follow guidelines regarding their response plans for cyber incidents, including the effectiveness and speed of those plans.
Panelists also discussed the cyber threats that arise from generative AI, and how AI is being used more widely in digital industries.
Solaita, a Solaita spokesperson on the potential of this technology said: “In large organisations, trying to set some guardrails and understand the business cases around [generative AI] is an enormous effort.”
I’m excited to really leverage it but have concerns about who is in control of the data, and who can access the data. “You don’t wish to compromise your privacy or protection of data,” added the expert.
MGM was the victim of a cyber-attack that caused it severe financial damage on September 11, forcing them to close certain systems. According to the firm, this attack resulted in a loss of EBITDAR (property adjusted EBITDAR) worth approximately $100 million.
