IGSA Takes Action to Enhance Cyber Resiliency with New Committee

With the recent string of cyber attacks on MGM Resorts and Caesars Entertainment, the world is reminded of the effect an intelligent group of hackers can have on even the most robust enterprises.

In the aftermath of these attacks, IGSA (International Gaming Standards Association) has announced its commitment to addressing the increased threat of cyberattacks by creating the Cyber Resiliency Committee (CRC).

Supported by global gaming giants such as Aristocrat Technologies, Light & Wonder and Axes.ai, the committee will establish guidelines for overseeing cybersecurity, managing cyber risks, and setting framework control criteria for casino operators and their associated networks.

It will include knowledge from experts within the IGSA membership to create a set of standards that are actionable and topical, taking into account emerging technologies and the present and future challenges specific to UK online casinos, betting sites, and general iGaming sectors.

Addressing Cyber Threats

While it is suspected that the hackers behind MGM Resorts and Ceasars Entertainment also orchestrated at least 52 other attacks across various sectors, mainly in the US, the casino industry is a highly lucrative target for cybercriminals.

Physical casinos handle a substantial amount of money but, moreover, hold a vast amount of personal and financial data. It was reported that as part of the recent round of attacks, Caesars paid “millions” to get their data back.

MGM Resorts was affected on several operating levels, including the use of hotel key cards, guest check-in, and the use of slot machines and ATMs.

Online casinos, built entirely from digital infrastructures, are at the frontline for cyber threats. Common attacks include Distributed Denial of Service (DDoS), which will flood the target website with traffic or send information to the site that triggers a crash, disrupting services and impacting the target’s reputation.

Building a Resilient Cyber Infrastructure

The creation of the IGSA’s CRC committee is proof that the industry is taking these threats seriously. By cooperating and forming alliances, the online casino and gaming sector can exchange resources, share threat intelligence, and safeguard against well-organized, multi-targeted attacks.

Regular audits are another way to prevent unwanted access to sensitive systems. Penetration testing, which entails a simulated and authorized attack by professional, ethical hackers, is a common way for enterprises to evaluate cybersecurity systems, allowing companies to better defend against such attacks.

Some cyberattacks, such as the one recently performed on MGM Resorts, are executed not only through hacking but by using additional methods such as social engineering. Social engineering involves the exploitation of “human error” to gain access to a computer system or to bypass multi-factor authentication.

This includes techniques such as phishing, baiting, or, in some extreme cases, contacting a company’s helpdesk to determine login information.

Adept cybercriminals are often convincing and have the necessary information to avert the sensation of suspicious activity. Employee training can mitigate some of the risk of human error, which many hackers rely on to access targeted systems.

Users should also take steps to prevent falling victim to cyber warfare. There are several strategies for safer online conduct, including using certified providers, creating strong passwords, and regularly updating gaming platforms.