Following a recent industry breakfast hosted at Mishcon de Reya, Gambling Compliance reports on how online gambling operators leave themselves open to attack in their article: 'Omni-Channel Can Weaken Hacking Defences, Experts Say'
The gambling-industry trend to omni-channel — or make betting available seamlessly to customers on smartphones, PCs and at retail sites — may be exposing operators to hacking and other security risks, experts have said.
An operator’s IT department may have built a formidable wall against cyberattacks, but omni-channel capabilities can open online operators to all sorts of mischief elsewhere, said Joe Hancock, a cybersecurity consultant for Mishcon de Reya.
For example, third-party apps may have designers who are not as security savvy as they could be. “Those agencies make very good mobile applications, but they don’t make very secure mobile applications,” said Hancock, who was speaking recently at the London law firm’s presentation on cyberattacks, data protection and fraud.
“Outside content could be a point of attack,” said Justin Cosnett, head of solutions architecture at Continent 8 Technologies data services company. “The more surface area you have as a business, the more exposed you are, the more you have to test.” The gambling industry is one of hackers’ prime targets for sabotage and destruction, along with government, internet service providers, web hosting firms and financial institutions, Hancock and others said.
Online gambling can be a target because it generates huge numbers of transactions, especially at sports events, because some people hate gambling, or just for malicious fun. A competitor may attack an online operator, or even a government might do so in a grey-market situation, Cosnett said. But the good news is, “this industry, because it’s attacked so often, is actually relatively mature in how it protects itself”, he said.
Operators wage an arms race with hackers, and big, splashy attacks can sometimes hide smaller ones — malware can be surreptitiously planted while the IT department grapples with a potent challenge, he said.
Operators are often tempted to collect as much data as possible, to meet know your customer (KYC) and other requirements, and may feel that it is safest kept in-house, Hancock said. But more data can be harder to protect, he said.
To view the full article, please click here. Please note this is a subscription only website.