According to the American Gaming Association, there are 979 casinos in the U.S., raking in more than $73 billion in gross gaming revenue. Those are rich pickings, and they make casinos an attractive target for hackers. And while the general public tends to consider casinos as secure as Fort Knox, reality tells a different story: When it comes to cybersecurity, the house doesn’t always win.
In 2014, the Sands Las Vegas Corporation suffered a damaging cyberattack. Hackers made off with credit card data and personal information like driver’s license and Social Security numbers. What’s more, another popular hotel and casino in Las Vegas ingloriously experienced not one but two data breaches of its card processing network between 2014 and 2016.
More recently, outside-the-box thinking enabled hackers to steal an unnamed casino’s customer data by accessing its high-roller database through a connected fish tank in the lobby equipped with a smart feeder control.
With 2019 shaping up to be the worst year on record for cyberattacks, the casino industry can’t afford to take a risk on outdated systems and approaches that don’t keep pace with evolving threats.
A Constantly Growing Attack Surface
A huge amount of technology goes into a modern casino, including management systems used for slot accounting and player tracking, alongside more typical solutions for marketing, customer service, mobile apps, and social media. Along with the burgeoning Internet of Things (as evidenced by that fish tank hack), these technological solutions create an increasingly complex threat landscape for casinos.
The challenges don’t end there. Casinos are typically linked to the hospitality industry through the hotels where they’re located and the restaurants with which they share space. That means the customer data available to hackers includes not just casino high-roller lists and sensitive personal financial information (like debts and credit status), but also the credit card details, booking and reward program information for the hotels and dining establishments associated with the casinos.
Locking Down the Casino Floor
Many casinos would like to make their cybersecurity more robust but are shackled by software from gaming manufacturers that isn’t always up to date or doesn’t run on the latest operating systems. In addition, PCI compliance is more complex than in other environments, because cards are accepted across not only the casino floor, but also their related hotels, restaurants, and even merchandise retail outlets.
The complexity adds up and presents unique challenges. Unfortunately, just like other small and medium enterprises, smaller casinos may lack the budget and qualified staff to monitor their security environment. This is especially true in tribal casinos, which can often struggle to attract and hire top IT talent in rural locations.
The stakes couldn’t be higher. Casinos that get hit will struggle to recover from the brand, operational, and financial damage of these cyberattacks. They could also face crippling fines if any of their many points of sale don’t meet PCI compliance standards.
For many casinos, a “security operations center” may only refer to the room where they monitor surveillance for cheating customers. A similar in-house solution for cybersecurity is out of reach for most casinos because of the cost and expertise needed to staff and manage 24/7 threat detection and monitoring.
That’s where a security operations center (SOC)-as-a-service comes in.
By using a SOC-as-a-service, casinos gain a full suite of cybersecurity solutions to combat the rich threat environment in which they operate, including:
- An affordable option for casinos that can’t afford full-time, on-site cybersecurity staff.
- A 24/7 team to monitor and respond to threats and augment a casino’s existing IT team, complementing the ’round-the-clock operating hours of many casinos.
- An immediate picture of risk to understand top priority vulnerabilities and strengthen security postures, so you don’t have to worry about becoming the next headline.
- Reporting and documentation to maintain PCI compliance throughout the property.