Cybercrime is on the rise and with iGaming companies holding large amounts of valuable data, they are likely to be targeted. A hack or a major data breach can be disastrous for business, but there are preventive cybersecurity measures that iGaming operators can follow to minimise risk.
The last 12 months have seen several high-profile cyber-attacks that have left businesses reeling. The DDoS attacks on domain host Dyn in November 2016 denied millions access to websites including Twitter, Netflix and Facebook for hours before the bug was fixed. WannaCry ransomware attacks spread across the globe in May this year, affecting organisations in 150 different countries including the NHS. Data breaches like those at Yahoo, TalkTalk and Sony have made headlines and caused considerable damage to firms’ reputations.
The online gambling industry is not immune either. In November 2016 William Hill was affected by DDoS attacks which took their website down for 24 hours, preventing customers from placing bets on UEFA League action. And Paddy Power suffered a data breach in 2010 that only came to light 4 years later, much to public dismay.
Cyber-attacks come in many forms but they can broadly be categorised into those that disrupt operations (such as distributed denial of service, where infected computers are recruited into ‘bots’ to flood the network with traffic) and those aimed at data theft. Customer data, especially financial information like credit card details, can be sold on the dark web or used for identity fraud, and ransomware attacks provide instant revenue when victims pay out hefty ‘ransoms’.
Gaming and Gambling Industry: A High-Profile Target for Hackers
iGaming companies, with large amounts of sensitive customer data and online payment processing, are profitable targets for hackers. Although it’s often customer accounts that are targeted (like the recent Camelot hack), operators live in fear of a large-scale attack on their own network.
The implications of a serious data breach or a DDoS attack are huge. For a company like William Hill making roughly £1.6bn in annual revenue, just 24 hours of downtime (as the firm experienced during their recent DDoS attacks) could result in a £4.4m revenue loss. Then there’s the potential for reputational damage as customers switch in anger or fear to competitors they believe to be more secure. It’s estimated that TalkTalk’s infamous data breach in 2015 cost the company 100,000 customers and £60m in revenue.
There could also be ramifications from regulators. TalkTalk’s fine for that incident topped a record £400,000, but firms could soon be faced with much higher fines. Under the new GDPR framework coming into EU law in 2018, firms could be fined up to 4% of revenue (or £20m, whichever is higher) for a data breach. It certainly pays to be safe.
What iGaming Operators Can Do to Prevent Data Breaches and Cyber-Attacks
The key is vigilance – making security a priority within the organisation. Following these guidelines may help prevent an attack or limit the damage.
1 – Make sure staff are briefed on good cybersecurity practice
Hackers often use social engineering techniques to get employees to click on malicious links or open attachments in emails. Briefing staff on good practices like deleting emails from suspicious senders, not installing software on their machine without prior authorisation from IT, and creating secure passwords can go some way. Firms might also consider ‘whitelisting’, where employees are prevented from accessing unidentified websites to prevent ‘drive-by’ attacks, and placing limitations on non-administrator users.
2 – Invest in up-to-date firewall, anti-malware and advanced threat detection
The latest developments use machine learning techniques to spot unusual behaviour on a network, and can prevent as well as mitigate the damage of a cyber-attack by detecting threats early.
3 – Have a thorough protocol in place
Establish a protocol to follow in case of a data breach or other cyber-attack, and make sure staff are informed of it. This will help to ensure compliance as well as limit damage. For example, under new GDPR guidelines operators are required to inform customers of a data breach within 72 hours or risk a fine.
4 – Keep a tight hold on your supply chain
Many notable data breaches came about because of weaknesses in third-party infrastructure. Be sure to partner with reputable companies, limit third-party access through network segmentation so they only have access to the data they need, hold vendors to tight security standards, and make sure protocols are established in case of a data breach.
Start here: Cybersecurity iGaming Training
iGaming Academy provides cybersecurity training for iGaming professionals and companies. For practical, comprehensive and up-to-date information on how to best secure your organisation and keep it compliant, check out our courses on GDPR and IT security.