The NFL playoffs are underway and will culminate on February 3rd with the unofficial national holiday – Super Bowl Sunday. If you watch just a few minutes of the seemingly ‘round-the-clock coverage of the games, chances are you’ll hear about the betting odds. Football has long been a favorite among sports gamblers, particularly the Super Bowl. The American Gaming Association estimated that Americans bet about $4.76 billion during Super Bowl LII last year – that’s approximately the GDP of Barbados. Now that sports betting is legal nationwide, gaming companies can accept wagers at their facilities outside Vegas and online. More customers means more data, and that’s just what cyber criminals are betting on.
Gaming companies collect and store ever-growing volumes of sensitive financial and personally identifiable information (PII) information from their customers. Those volumes will only increase following the U.S. Supreme Court’s decision last May to overturn a 1992 law prohibiting states from legalizing sports gambling. Several states have already legalized it, and others are soon to follow.
While legal sports betting nationwide is new to the industry, the cyber threat is not. Some of the industry’s biggest players have suffered devastating data breaches over the last few years. There’s even a story of hackers launching a successful attack by compromising an Internet connected thermometer in a casino’s lobby aquarium to penetrate its network, locate the high-roller database and steal that information.
Endpoint devices, and the sensitive information users create and store on those devices, have never been more vulnerable to attacks, particularly as the number of fileless malware, advanced attacks and evasive threats that target organizations every day continues to rise.
Like almost every industry, gaming is also struggling with a severe cybersecurity talent shortage, making it very difficult to hire the experts they need. Protecting today’s complex infrastructure requires a fundamental change in how the industry approaches security.
We recently published our Gaming Industry Solution Brief that profiles the attackers and examines their motivations, such as targeting the PCI and PII of the “whales” who wager enormous sums of money whenever they visit a casino and selling that information on the Dark Web. It also provides guidance on how gaming companies can reduce the risk of suffering a data breach, even as legalized sports betting brings more customers to their physical and virtual doors.
Follow this link to read or download the brief.