Tribal governments and their enterprises, especially casinos, continue to face cyber infiltrations on a regular basis and the third-annual Tribal Cybersecurity Summit will hold a free online conference on March 9 to help tribes better defend themselves and effectively respond to increasing threats.
Last fall, the chairman of the National Indian Gaming Commission reported that successful cyberattacks against tribal casinos dropped dramatically in 2022, following numerous hacks had shuttered properties, reduced revenue, and prompted ransomware payouts in 2021.
TribalHub continues to be part of efforts to boost awareness and provide technical and other information to thwart attacks. In addition to the NIGC’s efforts, TribalHub helped form the non-profit Tribal Information Sharing and Analysis Center (Tribal-ISAC) that educates, prevents or mitigates, and warns about cyberattacks on tribes and all of their enterprises.
As in the past, this year’s Cybersecurity Summit is free and registration is under way. https://www.tribalhub.com/tribal-cybersecurity-summit/
The summit runs from 8 a.m. to 2:15 p.m. Pacific and features 10 sessions that will also be available on recordings within 48 hours to those who register. Besides educational sessions, a virtual trade show will host the latest cyber solutions.
According to TribalHub CEO Mike Day,cybersecurity is about preparation and making it difficult for hackers. There hasn’t been a recent major public shutdown of a casino for days or weeks, but many smaller breaches that don’t make national news occur on a weekly basis.
“With effort and education, many tribes are getting smarter, putting better cybersecurity practices into place, improving their ability to respond to incidents. Having secure backups, disaster recovery, and incident response helps tribes respond quickly when something happens,” Day said.
“TribalHub members have spent a lot of time over the past several years talking about the complexities of cybersecurity and whenever you are reliant on technology and data you need a cybersecurity plan in place. We also helped build the nationwide Tribal-ISAC community. Tribes and tribal casinos sharing threats that they’re seeing is helping every tribe be more secure. Unfortunately, no one can prevent breaches entirely. Not even the federal government, with their almost unlimited budgets, can.”
Day said many steps still need to be taken to provide better protection. New cyber threats are a continuing concern that make the cybersecurity landscape even more complex, some of which the opening session of the Cybersecurity Summit addresses.
For example, new artificial-intelligence products continue to be introduced that create new cyber concerns. Some social apps are causing concern when it comes to their access to personal, company, or potentially sensitive data. Some state and local governments have recently banned the TikTok app on their employee devices over concerns about data security. Some tribes are now considering whether they should do the same to protect their citizens and data.
“Anytime personal or sensitive information is potentially not secure in how it’s handled, you can consider that a threat,” Day said. “I think the issue with TikTok is not fully understanding who’s controlling access to data within the app and on any device it’s installed on or connected to. If an organization allows the app on employee phones or other devices that connect to the organization’s network, which also holds sensitive data, what did you really just allow access to? The security concern from the TikTok app is not so much about watching TikTok videos, but more about data and content security and access from the app.”
The 3rd Annual Tribal Cybersecurity Summit starts with a session on the top emerging trends and practices in cybersecurity and new threats that are faced. A more technical session on disaster recovery will follow, at the same time as a session geared for non-tech executives and what they need to know about cybersecurity from a leadership level.
“This and several other sessions are designed for leaders in the tribes, casinos, and hotels and the goal is to provide guidance on how to engage in cybersecurity efforts and strategy without needing to be a tech expert,” Day said.
“Every best-practice plan for cybersecurity states the same thing: You can’t have effective cybersecurity unless the leadership team is involved. They have to participate and back those plans, because it’s an organization-wide effort. You’re only as strong as the weakest link and employees are often the biggest targets for cybersecurity breaches.”
Next up is a session on regulatory agencies and commissions that have either adopted or are contemplating adopting additional controls and requirements related to cybersecurity and how it impacts tribes. Concurrently, attendees can tune into a session on how to create a robust cybersecurity program on a limited budget.
A discovery session will highlight the latest cybersecurity products and services that are already assisting tribal enterprises, followed by time to visit with vendors at the virtual trade show.
In the “Long After the Headlines” session, a tribe that has faced cyberattacks and ransomware demands will tell their story.
A session on third-party risk looks at suppliers and partners as a possible threat; if hackers infiltrate their systems, they can often use that connection to get into your systems.
The conference concludes with a session on cyber insurance.
“Insurance is a challenge for everybody,” Day said. “Cyber insurance companies have become more educated, diligent, and detailed about what they need to put in cyber policies. Of course, that means more regulations, more customer requirements, more policy constraints, and an expectation of more to follow in the future. More stringent cyber requirements aren’t necessarily bad, but more requirements and new limitations on coverage mean it’s continually more difficult to obtain and maintain coverage that is cost effective.”
“It’s not just a challenge for tribes, but for every organization. The cost has gone up significantly in large part because insurance companies have had to pay for cyber breaches.”
The Cybersecurity Summit Advisory Board curated the agenda for this event.
“We find the best way to create an agenda for our audience is to have our audience directly involved in creating the agenda,” Day said. “The industry is benefitting from the Board’s coming together.”