Gaming systems, a decade ago, were protected by obscurity during a time when any information about them was difficult to obtain and they were isolated from the world outside of gaming; today, this is no longer the case. Committing to cybersecurity defense, on the other hand, will be a much more valuable and efficient use of time and resources for the casino.

One might consider the gaming system being used at their property—it is probable that systems running the operations were developed sometime between 25 and 35 years ago along with a wide array of additional systems, inherently adding a possible point of weakness for each new system, and the casino operations are dependent on these systems to run the business. In today’s world, cyber agents are not only able to find information about obscure gaming systems, but they have experience attacking them and are actively infiltrating the casino industry with increasing success via ransomware attacks.

Casinos are prime candidates for ransomware attacks, as massive amounts of cash touching their gaming systems create a highly motivating incentive for cybercriminals to target your industry. In addition to the massive cash incentive hackers seek though carrying out ransomware attacks, it is important to be aware of the significant risk that is accompanied with the highly sensitive information in a casino’s customer database.

Recognizing The Attacks

Ransomware attacks are one of the most difficult cyberattack methods to combat, so it is important to be mindful of how they present themselves and the undoubted fact that they are actively attempting to breach the casino systems. Pretty much anyone who has ever had an email account has probably received at least one, if not hundreds of terribly obvious phishing emails and sent them to the trash bin.

However, it is imperative to remain cognizant of phishing emails that are not as obvious as one might assume. It is unsettling how shockingly simple it is for anyone to send an email from a fake address that rather legitimately appears to be the manager of the employee who failed to recognize that something wasn’t quite right about the message.

There are dozens of fundamental computer systems within a gaming operation, so it is important to always be aware of any known issues and make sure that only those who should be aware of these faults are the only ones with knowledge of their existence, because ransomware agents are able to take advantage of these weaknesses to begin attacking the systems.

These opportunities for cyberattackers include zero-day vulnerabilities. These zero-day attacks are attacks that take place through known weaknesses in core systems, such as Microsoft Windows. These attacks are virtually unstoppable. Attackers can, for example, initiate zero-day attacks at organization-issued iPhones. Consider that the web browser Chrome experienced and resolved at least six zero-day flaws last year; hopefully this example sheds some perspective on how very much possible—or more so, likely—this is at your property.

Trojan horses are another common threat that imposes hidden malicious code onto a legitimate software program after initially making its way onto the device through a downloaded software that appears to be legitimate by the victim of downloading it. Cybercriminals even attempt to bribe casino employees as a means of obtaining internal information or access.

Defense System

Taking precaution and having active defenses against ransomware attackers is an absolutely necessary element of a secure gaming operation in today’s world. Even more so, it is necessary to maintain the integrity of the business operation and continuing to earn the trust it requires from its patrons.

Should a casino choose not to take additional cybersecurity measures, you might want to consider whether you are prepared, both personally and professionally, to take on the excruciating hassle of attempting to cope with a cybercriminal. If that somehow seems like a manageable task to anyone, then a substantial amount of your budgeting should be dedicated to purchasing Bitcoin in preparation for paying the ransom of your next attack.

However, keep in mind that the cybercriminal could very well take the untraceable currency and whatever other demands the casino has ceded to without returning whatever casino assets they held ransom. Additionally, ceding to a hacker’s demands simply encourages these cybercriminals to further engage in illegal behavior and is generally regarded as a very bad idea by the intelligence community.