Contact Us
Contact Us
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Subscribe to our newsletter
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Gambling

With the number of transactions, the amount of data being stored and processed by businesses in the gambling sector, cyber security risks remain one of the major concerns. 

Read more
Complete this form to get in touch

Are you happy for Defendza to keep you informed on the latest developments in cyber security (attack reports, guidance, DIY articles)? Of course you can unsubscribe at any time. Please see our privacy policy

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Overview

As gambling sector businesses have an increasing presence online, the threat landscape is constantly evolving given the interest of cyber criminals or organised crime groups. Gambling businesses need to be more proactive in terms of protecting both their corporate and production assets to ensure constant supervision.

UK Gambling Commission requires all remote gambling operator licences including specified remote lottery licences to carry out an annual security audit. This should be done by a third party and submitted as evidence to the Gambling Commission. This is to ensure that the operators have appropriate controls in place to protect their customers while choosing to participate in remote gambling.

Defendza is well versed with the security requirements defined by Remote Technical Standards (RTS) and we provide in-depth technical assessments based around the section 'Security Requirements'.

Challenges - Gambling Sector

Casino heists are a hit amongst Hollywood movies where gambling institutions are constantly crossing paths with criminals. However, in the digital realm of this industry, tactics, techniques and procedures (TTP) in use by cybercriminals involve stealth malware. Whether it's malware loaded at Point of Sale (PoS) terminals or business owned computing systems, one entry point to  the internal network is often enough to act as an entry pass to the estate. Due to the lack of constant logging and monitoring processes, attackers have large amount of time at their hands to make further inroads to ensure persistence.  

Some elements of the gambling industry hacks  are similar to what's observed in the retail and banking sectors. This is an increasing trend in the gambling and hospitality industry. 

Some of the challenges encountered by businesses in this sector include:

  • Protection of publicaly exposed assets such as software, terminals and corporate assets from malware/ransomware attacks
  • Attacks by unauthorised outsiders resulting in network penetration
  • Supply chain (third party, staff) Attacks
  • Identity thefts such as customer impersonation

Are you prepared?

Is your business prepared to defend against targeted attacks?

Spear phishing attack is usually personalized. Hackers normally include some personal data in the phishing emails, such as the name of the victim, their role in the company or even (for a personal touch) their phone number. The reason for this is to gain their confidence and, therefore, obtain the information they need to compromise the corporate network and access the confidential data they are looking for.

What systems and controls are in place to mitigate against supply chain attacks?

A supply chain is a chain of dependencies in goods or services. Supply chain compromise is the manipulation of products or product delivery mechanisms prior to receipt by a final consumer for the purpose of data or system threat. A supply chain can be compromised in various ways, for example, through the exploitation of third-party data stores or software providers.

Is your business resilient to ransomware attacks?

Ransomware has quickly become one of the most dangerous cybercrime threats organisations are facing . Over the past two years, the number of organizations being hit with targeted ransomware attacks has multiplied as the number of gangs carrying out these attacks has proliferated. Paying the ransom does not guarantee that you will get access to your data and threat actors may assume that you would be open to paying ransoms in the future

What systems and controls are in place to decrease insider threats?

Insider threats are counted amongst the most significant cyber-risks in the financial services sector. Businesses tackling this issue regularly validate their controls around logical access controls, spear-phishing, threat intelligence and regular penetration testing. In addition to technical controls, staff awareness and understanding through training helps build security-conscious culture.

How do you process and store personal data of your clients?

The loss of client information can have a devastating impact on a sector that has confidentiality at the heart of its business. Firms storing sensitive information, third party data, transactional records are likely to be at a higher risk of data breach than a local high street firm. Therefore, it goes without doubt that secure information storage and processing practices would help minimise the attack surface.

Casinos or Cyber Security - All bets are off. Get in touch.
Call Us Now

Sector Experience

This section refers to the specific projects based experience in this sector. Our experience stems from working for software providers in this sector to certifications and testing services providers.

Key benefits

✔ Capture The Flag Exercise as part of a large Merger/Acquisition Job

✔ Sports betting application security reviews (Major UK and Malta based sports and casino games providers)

✔ Professional Certification Requirement Regulatory Audits

✔ Application security assessments on gambling portals

✔ Product security reviews for a gambling software development company

Get in touch to leverage our skill-set and experience.
Call Us Now

Related News

Gaming sites hit with billions of cyberattacks

12/07/2019

Hackers have targeted the gaming industry by carrying out 12 billion credential stuffing attacks against gaming websites within the 17-month period analyzed in the report. This puts the gaming community among the fastest rising targets for credential stuffing attacks and one of the most lucrative targets for criminals looking to make a quick profit. 

Gaming industry still in the scope of attackers in Asia

11/03/2019

Asian game developers again targeted in supply-chain attacks distributing malware in legitimately signed software. This is not the first time the gaming industry has been targeted by attackers who compromise game developers, insert backdoors into a game’s build environment, and then have their malware distributed as legitimate software.