According to the American Gaming Association, there are 981 casinos in the United States, raking in more than $57 billion annually in gross gaming revenue. With that much money at play, it’s no wonder hackers view casinos as potential jackpots. And while the public tends to consider casinos as exceptionally secure, the reality is this: When it comes to cybersecurity, the house doesn’t always win.
In June of 2021, six casinos in western Oklahoma were the target of a damaging ransomware attack that shut down operations for several days. And these kinds of attacks are not outliers. In October of 2020, a cyber attack on the Cache Creek Casino Resort in Brooks, California caused it to shut down for three weeks.
In fact, the National Indian Gaming Commission recently reported that the number of cyber attacks casinos face has increased 1,000 times since 2019. The dollars are so large and the risk so great that the FBI’s Cyber Crime Division issued a special warning to casinos in November of 2021 citing “damages estimated in the millions” and “attacks leading to operational disruption, sensitive-data theft, and financial losses.”
With 2022 expected to be another record-breaking year for cyber attacks, the casino industry cannot afford to gamble on outdated systems and approaches that don’t keep pace with evolving threats.
Why Casinos Are Targets for Cyber Attacks
An Expanding Attack Surface
Casinos need to secure more attack surfaces than typical businesses in the hospitality industry. That’s because a vast amount of technology goes into a modern casino, including common tech solutions for marketing, customer service, mobile apps, and social media, but also management systems used for slot accounting and player tracking. Pair this with the burgeoning Internet of Things (IoT), where innocuous network-connected devices like fish tank thermometers can be the entry point for a breach, and casinos are staring down an increasingly complex threat landscape.
The challenges don’t end there. Casinos are typically linked to the hospitality industry through the hotels where they are located and the restaurants with which they share space. That means customer data available to hackers includes not just the contact information and sensitive personal financial information (like debts and credit status) of gamblers, but also the credit card details, booking, and rewards program information for the hotels and dining establishments associated with the casinos.
A Full House of Cybersecurity Challenges
The stakes couldn’t be higher. Casinos that get hit will struggle to recover from the operational, reputational, and financial damage of these cyber attacks. Here are just three of the ways they struggle to mount a strong defense:
Many casinos are shackled by software from gaming manufacturers that isn’t always current or doesn’t run on the latest versions of operating systems.
PCI compliance is more complex in casinos than in other environments because cards are accepted across not only the casino floor, but also at their related hotels, restaurants, and even merchandise retail outlets. Casinos can face crippling fines if any of their many points-of-sale are found to not meet PCI compliance standards.
Smaller casinos may lack the budget and qualified staff to monitor their security environment 24×7. This is especially true in tribal casinos, which can often struggle to attract and retain top IT talent in rural locations.
Upping the Cybersecurity Ante
For many casinos, their in-house security team is focused on monitoring and surveilling their game operations. However, a similar in-house set-up to review and respond to cyber threats is out of reach for most casinos due to the cost and expertise needed to staff and manage a 24×7 security operations center on-site.
That’s why partnering with a security operations solutions provider like Arctic Wolf can be a significant win for casinos. With managed security operations, casinos gain a full suite of cybersecurity solutions to combat the rich threat environment in which they operate, including:
- An affordable, tailor-made security operations solution for casinos who can’t afford full-time, on-site cybersecurity staff.
- A team of cybersecurity experts to monitor and respond to threats 24×7, fully supporting the operating hours of many casinos.
- An immediate snapshot of current risk to help casinos understand top-priority vulnerabilities and how to strengthen security postures, so they don’t make headlines for all the wrong reasons.
- Robust reporting and documentation to help maintain PCI compliance throughout the entire property (casino, hotel, restaurants, gift shop, etc.).
Learn more about how Arctic Wolf can benefit your casino or organization by requesting a demo.