If we have learned anything over the past year in gaming security, it’s to expect the unexpected, and that is a constant when it comes to cybersecurity. To help you stay ahead of the unexpected, here are trends that can help you defend against cyberattacks, regardless of the industry you’re in.
Top 5 Cybersecurity trends to watch in 2022:
- Continued impact and threat of ransomware
- Acceleration of migration to the cloud
- Attack footprint expanding with sustained telework and remote employees
- Shrinking IT and InfoSec staffs and budgets
- Gaming expansion and increased regulatory requirements
1. Continued impact and threat of ransomware
It would have been difficult to escape the threat and impact of ransomware in the news over the past year, from the Colonial Pipeline and JBS Foods incidents, to closer at home in gaming where several tribal casinos in Oklahoma were forced to temporarily close operations. Many of these attacks go unreported as the organizations either restore operations or pay the ransom. Until companies increase their security posture and address their existing poor cyber hygiene, we see these events continuing to increase and become more sophisticated.
It is important to be prepared in the event of an attack, and you can start by asking yourself two mission-critical questions: Has your company evaluated its existing incident response protocols? How are you prepared to recover from an attack?
2. Acceleration of migration to the cloud
As more and more businesses move into the cloud, there are more opportunities to make mistakes. Insecure S3 buckets and other storage misconfigurations, poor access management and control, insufficient logging and monitoring, and insecure APIs are among the vulnerabilities you should be careful of. It is important that organizations spend the time to evaluate the security of their cloud tenants.
3. Attack footprint expanding with sustained telework and remote employees
With Covid, and even prior, we have seen the trend toward a more remote and distributed workforce. While many advantages and efficiencies can be obtained from this model, it also increases security risks by expanding the security perimeter and creating a larger attack footprint. Access control and secure remote solutions become critically important. Many organizations have moved toward zero-trust solutions to better protect their environments. Companies will also need to perform more advanced security assessments to identify security faults and holes.
One way to do that is to conduct more adversarial simulations like performing a red-team penetration test from the perspective of an attacker that got access to a remote worker’s endpoint, either logically or physically. This allows companies to determine if they can detect malicious activities and see if an intruder could pivot and move laterally from the endpoint to more critical resources.
4. Shrinking IT and InfoSec staffs and budgets
Over the past year, casinos and gaming organizations have reduced IT staff due to Covid and/or experiencing staffing shortages. This places a greater burden on existing personnel and often security is an item that gets pushed to the back burner, until there is an incident. To help ensure your security, establish relationships with trusted vendors to fill these gaps. There are certain IT functions that naturally are easier to outsource, and security operations is one of these items, from monitoring to vulnerability scanning.
5. Gaming expansion and increased regulatory requirements
With the increased gaming expansion, both online and land-based, there has been a higher focus placed on security requirements. New jurisdictions have mandated certain security standards, and existing states are increasing the level of the security assessments required. For example, in Pennsylvania, the PGCB recently clarified their security guidelines and was one of the first states to require quarterly vulnerability scans be performed by the operators and submitted to the regulator. Is your company ready to meet regulatory requirements?
Regulators frequently ask for advice on the type of staff they need to have to work with gaming companies and vendors as it relates to information security. I predict that in the near future, there will be more alignment with the various jurisdictions on how they view and evaluate information security in gaming.
Companies must remain vigilant and focused on cybersecurity solutions in 2022 and beyond, and when they are ready, we are here to help.
– Gus Fritschie is Vice President, Security Services for Bulletproof, a GLI Company