Nancy Ramirez Ayala looked around at the crowd attending Wednesday’s session “Mobile Gaming Under Siege: Fraud Hacks and Regulatory Gaps” and admitted people might question why a lawyer was a panelist.
The answer, she said, is that cybersecurity concerns are no longer just the province of an IT department.
“You’re facing reputational damage, legal liability, business continuity, potential issues,” Ayala said during the Indian Gaming Association Tradeshow & Convention at the San Diego Convention Center. “And what we’re seeing isn’t just nation-states that are attacking companies, but it’s a for-profit business now. We’re seeing it across industries. We’re also seeing bad actors go in, take some data, then encrypt. It impacts so many parts of the business unit.”
Like so many other sessions at IGA this year, panelists sounded alarms that companies, especially tribal operators, are vulnerable to attacks from cyber criminals.
“It’s an everyone problem, not just an IT problem,” added moderator Melissa Aarskaugh, Bulletproof’s VP of Business Development.
But what can organizations, specifically tribal entities, do to ensure the safety of patrons and the company itself?
“Cybersecurity starts with not just the product and platform and customers using it, but it can impact an (entire) tribe,” said FanDuel Chief Information Security Officer J. J. Agha. “You can’t lose sight of the objective. There’s this new shiny thing that’s coming around the corner, but it’s very easy to forget about some of the basics. Are you patching? Are you updating? Are your systems secure enough?
“To me, cybersecurity is beyond protecting against bad actors from coming in, but it’s supporting resiliency, it’s continuity, communications. That’s where you really have to get ahead of it. Not just fall back into your IT trope and say I’m going to hang back with the network folks. I’m going to make sure nothing’s corrupt. You have to be a business leader in cybersecurity.”
Diallo Gordon, president of Pavillion Payments, cited three elements necessary to forestall cybersecurity threats: trust from players; a regulatory framework; and digital innovation. And those three elements require collaboration. “You can create a community around cybersecurity, what’s happening and what people are going through, and that’s super important.” Gordon added that it’s also important to treat each transaction as its own unique occurrence.
“If there’s a high volume of deposits from someone you don’t have a history with, on a device they rarely use, you may want this to a be more of a friction experience,” Gordon said. “But if this person has had a gmail account for 20 years, we know that they’ve been here, we know this device ID, there are all these different things you can do. So that way, I would say, a frictionless low-risk experience is what you want to give your most valued players.”
