4 minute read
CellPoint Digital
RICKARD VIKSTRÖM:
Without a shadow of a doubt, data protection should be one of the top priorities of every company, especially in the iGaming sector. Currently, personal data is the main target for internet hackers. It is extremely valuable on its own, not to mention online payments & transactions. While iGaming remains one of the fastest-growing industries in the world, continuously increasing the amount of online data and revenue it accumulates, both businesses and players remain prey to online criminals. First and foremost, it is critical to control how data can be accessed, as well as having di erent layers of security so that not all information is stored in one place. Unfortunately, there will always be security aws, hence we need to construct architecture that is able to withstand intrusion, just as we have been learning and building physical security over the past 100 years. For instance, the Marriott/ Starwood hack is the perfect example that shows how costly having all data in the same place can be. Not only were they ned £18.4m ($25.3m), but 500 million customers and the brand’s reputation were compromised. Another crucial point I would like to bring to everybody’s attention is the importance of both external and internal security. When it comes to data security breaches, everybody instantly thinks of external intruders. However, an angry employee, who can destroy his or her company by easily stealing data, still remains an unresolved issue. Something that is considered to be a taboo topic for many.
DAVID BRACE:
Data is arguably the most valuable asset that an online gambling organisation has, and the rise in publicised high-pro le data breaches re ects this. What’s more, the volume of data collected and stored by all organisations is increasing. It is predicted that cyber crime will cost the world $10.5tn annually by 2025 – no business is immune, and companies of all sizes are being hit by increasingly sinister attacks that have the potential to take them o ine. is causes disruptions to products, services and revenues, but most importantly reputations. e iGaming industry is one of the most attacked sectors; our quarterly DDoS statistics show a sizable increase in the number of attacks, as well as the severity. For this reason, it is more important than ever for all organisations to take cybersecurity and data protection seriously. ose that do will ensure they are as protected as they can be against these incidents, while those that do not will nd themselves incredibly vulnerable; and far more likely to su er a data breach and the consequences it brings.
GIVEN THE RISE OF TECHNOLOGY THAT AGGREGATES INFORMATION, HOW IMPORTANT IS IT TO PROTECT DATA
WARREN RUSSELL: Data protection is the single biggest risk facing any organisation that processes Personally Identifiable Information. The fines and reputational damage an organisation can face under GDPR far outweigh pretty much any other regulatory penalty, so protecting your customer data cannot be understated. We work in a highly competitive sector so anything that damages the integrity of your brand or your solution is going to give you problems, serious problems – and this is only looking at it from a business perspective. If you take into account the actual reason for being security focused, neither I nor anyone else wants their personal information available for use for nuisance or nefarious actions. So ignore data protection at your peril.
DAVID BRACE: We have more than 20 years of experience protecting data in the online gaming space. Our knowledge tells us that organisations, in terms of data security, should take a layered approach. There is a range of solutions this should include: DDoS, WAF, Endpoint Protection, and Security Information and Event Management (SIEM). Most recently, we have enhanced our Secure o ering with Managed reat Detection & Response solutions. is is a complete end-to-end proactive threat solution combining advanced SIEM/EDR/SOAR/ ML technologies with proven 24/7 SOC resources. This gives businesses and organisations unprecedented visibility, and response capabilities, against known and unknown threats – at a time when cybercriminals are really upping the ante.
WHAT IS THE BEST PRACTICE WHEN IT COMES TO STORING DATA
RICKARD VIKSTRÖM:
My number one recommendation is access control and segregation. Don't have it all in one place – simple as that! We always recommend di erent layers and microservices, or at least multiple tables within the database instead of a single uni ed database, to avoid the entire information being retrieved due to cross-site-scripting vulnerability. On the other hand, it is easier said than done. It is quite challenging to architect a system that is equally e cient and secure without overly complicating it. e main issue with architecting a system like that is that it takes a long time to build. In the meantime, ideally, you should be working with security access-control lists (ACLs) from the beginning. It will pay o in the long run.
WARREN RUSSELL:
ere are so many solutions and companies out there that will help, give you guidance and sometimes even con ict with one another. I guess it comes down to principles, and the key one is people. People are your biggest risk, clicking on that malicious link, password reuse, removable media… etc – this is the most common form of cyberthreat leaving businesses exposed – so it all begins with sta awareness; everyone, regularly. Make sure it is at the top of your list of things to do – are my team aware of data protection risks? From there, it becomes more technical and pretty much common sense – keep your security architecture and processes con dential – the more people who know them the higher the risk (a common question in an RFP), then encryption, IDS, IPS, secure transfer… the list goes on. Too much for the character limit I have here!
