Cyber Threats Become the New Norm for Gaming Industry, Says Caesars' SVP

During a KPMG-hosted webinar, Nicole Solaita, SVP and chief audit executive at Caesars, emphasized that cyber threats have become the “new norm” in the gaming industry. Solaita highlighted the pressing need for operators to assess their vulnerability to such attacks frequently.

Reflecting on a significant cyber-attack on Caesars last September, Solaita remarked, “Unfortunately, I’ve realized that this is really going to be our new norm in this corporate space.” She stressed the importance of employee education and training in this area, noting that despite rigorous training efforts, some cyber events have not been particularly sophisticated.

The Impact of Last Year’s Cyber Attack

The cyber-attack on Caesars last year was initiated through a social engineering tactic targeting outsourced IT . The attackers managed to obtain customer data, including a copy of Caesars’ loyalty program database, which contained sensitive information like driver’s license numbers and social security numbers of various .

Solaita underscored the challenges in training staff to recognize cybersecurity threats, as many attacks can be relatively simple in nature. “It comes back to social engineering,” she said. “You can train folks, but in the moment, critical thinking might not be instinctive, leading them to follow requests or instructions on autopilot.”

She emphasized the necessity of continuous education and ensuring that everyone understands the risks and remains vigilant at all times.

Challenges in the Online Gaming Environment

Cory Fox, FanDuel’s VP for product and new market compliance, highlighted the distinct challenges in the online gaming environment, particularly in protecting extensive customer data. “We are investing heavily in online security,” Fox stated. “We conduct frequent cybersecurity training, even if it becomes annoying for those adept at spotting phishing emails. The goal is to keep everyone on their toes.”

Fox also pointed out that the simplicity of many cybersecurity attacks remains a major risk, echoing Solaita’s concerns.

Rising Investor Concerns Over Cybersecurity

KPMG’s ‘State of risk in the gaming industry’ report revealed that investors are increasingly worried about cyber risks, prompting the US Securities Exchange Commission (SEC) to enforce new rules. These regulations ensure companies maintain a swift, reliable, and effective cyber-incident response plan.

The also discussed the emerging cyber risks associated with generative AI and its growing use across digital industries. Solaita acknowledged the potential of AI but warned about the risks related to data privacy and protection. “In a large organization, trying to put some guardrails around the usage of generative AI and understanding the business use cases is a tremendous effort,” she said.

Recent High-Profile Cyber Attacks

The gaming industry has faced several high-profile cyber-attacks recently. On September 11, MGM experienced a financially damaging cyber attack, forcing the company to shut down certain systems. The attack had a negative adjusted property EBITDAR impact of approximately $100m.

These incidents highlight the critical need for robust cybersecurity measures and constant vigilance in the gaming industry. As cyber threats continue to evolve, operators must adapt and enhance their defense strategies to protect sensitive data and maintain trust with their customers.

Source: “Caesars SVP warns cyber threats are new industry norm, staff need to think critically”, iGaming Business, June 19, 2024.