Serving as Vice President of Security Services at Bulletproof, Gus Fritschie oversees the Americas and EMEA with his 20 years of experience in information security. With a foundation in network security, he quickly became a consultant for Fortune 500 companies, civilian agencies, and the US Department of Defence. In 2011, Gus transitioned a significant portion of his practice into the gaming sector, establishing himself as an IT security leader in gaming. In 2020 he joined Bulletproof when his organization – formerly SeNet – merged with GLI.
If we have learned anything over the past year in gaming security, it’s to expect the unexpected, and that is a constant when it comes to cybersecurity. To help you stay ahead of the unexpected, below are five cybersecurity trends that can help gaming organizations defend against cyberattacks in 2022. What’s more, these cybersecurity trends are applicable regardless of the industry you’re in.
1. Continued Impact and Threat of Ransomware
It would have been difficult to escape the threat and impact of ransomware in the news over the past year, from the Colonial Pipeline and JBS Foods incidents, to closer at home in gaming where several tribal casinos in Oklahoma were forced to temporarily close operations. Many of these attacks go unreported as the organizations either restore operations or pay the ransom. Until companies increase their security posture and address any existing poor cyber hygiene, they will continue to experience an increase in cyber events as they become more modern and sophisticated.
It is important to be prepared in the event of an attack, and you can start by asking yourself two mission-critical questions: Has your company evaluated its existing incident response protocols? How are you prepared to recover from an cyberattack?
2. Acceleration of Migration to the Cloud
As more and more businesses shift away from on-premises into the cloud, there may be more opportunities to make mistakes if it’s not properly implemented or executed. Insecure S3 buckets and other storage misconfigurations, poor access management and control, insufficient logging and monitoring, and insecure APIs are among the vulnerabilities you should be careful of. It is important that organizations spend the time to evaluate the security of their cloud tenants.
3. Attack Footprint Expanding with Sustained Telework and Remote Employees
With COVID-19, and even prior, we have seen the trend toward a more remote and distributed workforce. While many advantages and efficiencies can be obtained from this model, it also increases security risks by expanding the security perimeter and creating a larger attack footprint. Access control and secure remote solutions become critically important. Many organizations have moved toward zero-trust solutions to better protect their environments. Companies will also need to perform more advanced security assessments to identify security faults and holes.
One way to do that is to conduct more adversarial simulations like performing a red-team penetration test from the perspective of an attacker that got access to a remote worker’s endpoint, either logically or physically. This allows companies to determine if they can detect malicious activities and see if an intruder could pivot and move laterally from the endpoint to more critical resources.
4. Shrinking IT and Information Security Staff and Budgets
Over the past year, casinos and gaming organizations have reduced IT staff due to COVID-19 and/or experiencing staffing shortages. This places a greater burden on existing personnel and often security is an item that gets pushed to the back burner, until there is a security incident. To help ensure your security, it’s critical to establish relationships with trusted vendors to fill these gaps. There are certain IT functions that naturally are easier to outsource, and security operations is one of these items, from monitoring to vulnerability scanning.
5. Gaming Expansion and Increased Regulatory Requirements
With the increased gaming expansion, both online and land-based, there has been a higher focus placed on security requirements. New jurisdictions have mandated certain security standards, and existing states are increasing the level of the security assessments required. For example, in Pennsylvania, the PGCB recently clarified their security guidelines and was one of the first states to require quarterly vulnerability scans be performed by the operators and submitted to the regulator. Is your company ready to meet regulatory requirements?
Regulators frequently ask for advice on the type of staff they need to have to work with gaming companies and vendors as it relates to information security. I predict that in the near future, there will be more alignment with the various jurisdictions on how they view and evaluate information security in gaming.
Companies must remain vigilant and focused on cybersecurity solutions in 2022 and beyond, and when they are ready, work with trusted cybersecurity vendors.
If you found this blog helpful, we recommend you watch Gus’ video, Security Testing: What Most Are Doing Wrong and How to Fix It.