It’s no secret that cyber threats are on the rise, and casinos are increasingly becoming targets. Having awareness of the latest trends on cyber attacks and a proper cybersecurity plan in place are essential to avoiding and reducing attacks on your property. Vector Solutions’ employees experience first-hand IT’s preparedness through ongoing training, education, and awareness in doing our part to stay cybersecurity smart. Although National Cybersecurity Month has ended, the importance of cybersecurity beyond awareness month is more critical than ever. That’s why we spoke with Vector Solutions Chief Information Security Officer Greg Surla to talk with us about it.
According to Surla, the biggest changes and latest trends include privacy issues and, as a result of COVID-19, the remote workstations. Personally identifiable information (PII), which is data that could potentially be used to identify a particular person, is becoming a huge concern of the cybersecurity world. While viruses and hackers were once primary threats, stealing one’s private information has taken precedence. As a particular example, Surla references the player tracking software casinos use as one type of target.
Likewise, with the adaptation to COVID, IT security has had to find new measures beyond the firewalls they relied on within secured office settings of a brick and mortar workplace.
Vector Solutions has been progressive with such measures, and had already begun implementing its protection protocol for remote users before the pandemic. However, not all companies were prepared for such a dramatic shift in workforce culture.
“Going remote and protecting those individual workstations has been a big transition for a lot of companies,” says Surla. “For us, we stress a lot of awareness at Vector because we view [employees] as the first line of defense,” Surla adds. “You can put as many security controls as you want on a computer, but it all comes down to people.” That’s why he urges that training employees on what to be aware of is a significant strategy for protection.
Another massive trend is ransomware, or what Surla calls the “800-pound gorilla” of cybersecurity. For casinos, a $44 billion industry, it’s especially threatening. “A lot of their operations are computer-based and when they are infected with ransomware, it starts encrypting everything and no one can use the system,” Surla warns. “If a casino goes down, for even the shortest amount of time, they’re losing a ton of money.”
What makes ransomware risky business for casinos is that they not only lose money, but they’re at risk of losing their reputation too. When a casino suffers from an attack, it has the potential to ruin its reputation, inevitably costing them money.
So how do you combat an 800-pound gorilla, privacy threats, and remote workstation vulnerability?
Three words: Incident. Response. Plan.
It’s important to have an incident response plan because it details who is responsible for what, what plugs to pull, and how quickly to respond. “The longer you let it fester, the bigger the problem gets,” Surla says. A good incident response plan includes the following steps: prepare, detect, neutralize, remove, and recover.
Preparation is the single most critical step against cyber attacks. Secondly, detection—being able to identify and analyze threats—establishes grounds for measuring the scope of the incident. Once detected, determine how your property will neutralize the incident, containing the issue as quickly as possible. Finally, the last two steps are eliminating or removing the threat altogether, and knowing what happens next in an effort to recover from the incident. Then, it’s important to ask questions on lessons learned, and how to better respond to or anticipate such incidents in the future.
Surla had stern advice to never become comfortable or complacent for casinos with these parting words, “Everyone’s a target. Get trained, keep employees informed on trends and potential threats, and get employees trained on those red flags, so they understand what’s important to us [IT security].”
Vector Solutions Casinos has top-of-line content courses authored by experts in the field of IT security. Two of our highly sought-after courses are Title 31 SAR Incident Scenarios & Reporting within the AML Compliance Program, and SAR Incident Reporting for IT within the IT & General Security Program. You can learn more about our course content by clicking here, or by requesting a demo of our cybersecurity training here.
Vector Solutions for Casinos has been in the industry for over 10 years, as the leading Saas provider for online Title 31 and Anti-Money laundering training, helping clients meet federal mandates for reporting certain currency transactions to uncover money laundering and other financial crimes. Over the years we have built a comprehensive gaming-specific course catalog containing nearly 150 online training courses from Customer Loyalty, to Safety, Leadership Training and more, all hosted in our powerful Learning Management system, Vector LMS (formerly CELEXA, a Casino Essentials brand).
We proudly serve over 350 casinos nationwide. Vector LMS for Casinos is trusted by Boyd Gaming, Jack Entertainment, Bally’s Corporation, Four Winds Casinos, Wind Creek Hospitality, Desert Diamond Casinos, Muscogee Creek Nation Casinos, Delaware North Casinos, & Foxwoods Resort Casino and more! Our learning management system, Vector LMS for Casinos, is the most user-friendly platform on the market.