What can a gaming industry company do to prevent cybersecurity attacks? For starters, don’t skimp on training employees.
“If you look at the recent cyber breaches that have happened in the gaming industry, almost all of them go back to a breach in cybersecurity training and understanding,” said Bob Becker, a strategic advisor for Speridian Technologies. “Someone came in with a phishing spear, a phishing attack, pivoted, and then took over those particular institutions and ran ransomware where either some decided to settle and some did not.
“But all of it coming back to kind of a lack of compliance to current cybersecurity standards.”
Becker spoke during the webinar “Data Privacy and Security Best Practices in Gaming,” hosted by Jonathan Michaels, the founder and principal of Michaels Strategies, and presented by Speridian Technologies, a government agency licensing solution.
The gaming industry recently has seen multiple cybersecurity breaches. Notably, MGM Resorts and Caesars have been attacked, as has the Nevada Gaming Control Board.
“You’re not going to be able to stop everything,” said Michaels. “But if you put in place the right practices, you are going to be able to have, whether it’s you or your staff, the common sense to say, ‘I probably shouldn’t click on that link, or this might be a risk,’ things like that.”
According to Matthew Wein, editor and founder of the Secure Stakes newsletter and a consultant to numerous organizations including the U.S. House committee on Homeland Security, the Center for Internet Security has a tool what will lay out critical tools needed to secure technical environments and networks. Wein maintains that it’s also critical to understand the role of artificial intelligence in cybersecurity attacks and defense.
“(AI) is certainly giving defenders some new tools in their toolbox to help protect things,” Wein said. “It’s also giving, obviously, attackers the ability to quicken the pace of their attacks and also broaden their attack surface.”
Wein noted that the federal government has stepped back regulations and support of cyberattack defenses.
“I think right now, a lot of states and a lot of especially small and medium-sized businesses are really feeling like they have to do a lot more on their own,” Wein said. “But I think that gives an opportunity for some of those entities to work together to try and improve their security.”
Wein said that state regulations, in the absence of federal oversight, have become more important. Some states disallow payment of ransoms to cyber attackers.
“I think that makes decisions a lot easier for some of the lower-level agencies,” Wein said. They don’t have to decide whether to pay the ransom or not. The decision has been made for them.”
Becker said it’s prudent for companies to be constantly on guard. Preparing for cyberattacks used to be an annual or bi-annual occurrence.
“Now, assessments should be happening real time in your environments,” Becker said. “AI coming in has the capability to look at the environment itself. That’s one key thing of real time, kind of assessing your cybersecurity and taking an action, that should be more the stance.”
Becker added that ongoing training of employees is critical to forestalling cyberattacks.
“I find organizations that are doing that have a very aware staff,” Becker said. “They’re paying attention now, they understand how these things are coming in, and they’re less likely to be taken advantage of than if you have an organization that does once a year training for a 15-minute little class that usually comes in one ear and out the other. You want to make this part of the culture.”
