The global gaming industry, be it land-based, iGaming, lottery, or sports betting, is a prime hunting ground for threat actors who are eager to breach security fortifications to hold victims hostage for monetary and/or intellectual gain.
Fortunately, Gaming Laboratories International (GLI) and its combined global team of experts, including Bulletproof, a GLI Company, rules as the defender in the complex world of protection, testing, and compliance with cyber space in over 700 jurisdictions.
Gus Fritschie
“Today there are more ways for attackers to get in because of the increased complexity of the internet,” said Gus Fritschie, Senior Vice President of Information Services Bulletproof. “GLI and Bulletproof are in a prime position to help organizations with our experience in gaming cyber security both from a regulated and unregulated gaming perspective.”
“We can assist our customers to increase their cyber security resiliency, which is particularly important, he added, “because it is not a question of if but when a breach will occur.”
The responsibility of operators, according to Fritschie, is to protect against attacks. He said that it is critical how quickly the attacker can be contained and eradicated from the network. That is where the Bulletproof ISS (Information Security Services) team becomes gaming cyber security’s franchise player.
Lone wolves, threat actors acting on behalf of an organization to a much larger degree, prey upon gaming operators and suppliers. “We serve as a guide to protect by strengthening their security postures”.
“Hacker groups can emulate a business organizational structure with a CEO, HR department, and even PIP (performance improvement plans) for criminal underachievers,” Fritschie observed. “These groups generate millions in revenue and will continue to do so until organizations increase their cyber security maturity.”
Protecting the cyber security space in the gaming industry for the most part does not need to be concerned about nation-state threat actors as they are targeting critical infrastructure and government, bur gaming is still a target of plenty of other hacker groups.
“Defenders of cyber security have a difficult job because we have to be perfect one hundred percent of the time,” Fritschie said. “Our ISS team conducts assessments looking to discover issues and identify vulnerabilities. It is really all about risk management.”
The process of identifying the risk, researching the vulnerabilities associated with that risk, and the likelihood of the attacker conducting the threat is extraordinarily complex. The assessment leads to precisely the impact on operations the successful completion of the threat wields.
“Our gaming security professionals have the proven resources to calculate the most efficient method of defense and make it work,” he said.
The pace of gaming innovation sometimes gives Fritschie pause to ask a question of his audience during presentations as to whether participants feel more cyber secure or less cyber secure than they did 10 years ago. Frequently, the majority feels less secure, he revealed.
“There are a number of different reasons for this,” Fritschie maintains. “Just as one example, 10 years ago there was no cashless or cardless gaming as we know it today, something that a lot of operators are moving toward on the casino floor. Modern technology introduces new vulnerabilities that can be exploited.
“Our hallmark offers the highest level of protection for the gaming industry with expertise in proactive security testing, including penetration testing, source code security audits, network risk assessments, and ransomware threat evaluations.”
Fritschie recalled one of GLI’s Regulator Round Tables during a panel on cyber security. He said that a member of the audience made a comment in relation to the cost factor associated with the protection of the operation’s cyber assets.
“It just so happened that James Maida, co-founder, President, and CEO of GLI, was seated in the audience,” Fritschie recalled. “He said that having the ability to offer gaming to customers is a privilege and not a right, and that if you are incapable from a cost perspective of doing the basics from a cyber security perspective, perhaps you shouldn’t be in the business.
“That really resonated with me. This is a highly regulated industry, and operators need to be aware of the consequences of not having the right level of security and controls in place. You need to not just be checking the boxes, implementing real security.”
Fritschie acknowledges that “we are in a much more dangerous world today than we were 10 years ago”.
“On the regulatory landscape, online gaming is what has driven the requirements for cyber security from the perspective of the operator and supplier levels,” he said. “Compliance, of course, also drives a lot of what gets done from a security perspective in gaming.
“Sometimes the regulations do not provide enough guidance to raise the bar to the level that is needed to provide that protection. What we frequently do with our clients and customers is assist them in meeting their regulatory compliance with numerous services we provide. This is one of the reasons that we created the GLI Gaming Security Framework (GSF).”
These include penetration testing, performing audits against the gaming regulations, and assistance in doing more advanced testing and more advanced assessments to assist them in designing security roadmaps to strengthen cyber resiliency.
According to Fritschie, there are technology security tools leveraging artificial intelligence.
“We use it ourselves in our Security Operations Center for clients who wish to manage and help protect their networks from a defensive perspective,” he said. “At the same time attackers are using artificial AI to perform very sophisticated social engineering.
“We have a lot of customers in the gaming sector that want to do more than the minimum,” he said. “They realize that they must raise the bar in order to stay ahead of the attacker.”
