APR 26
It takes less than 3 seconds to find a news headline about casinos brought to their knees by a gang of hackers. Big casinos, small casinos, you name it, they’ve been hacked before. Do you think they had up-to-date antivirus? They most definitely did. So why is this happening? And what can you do to stop it from happening to your casino?
It’s happening because antivirus isn’t perfect. It’s reactive and focused on only a small piece of the puzzle. It can also be misconfigured (and it often is). Another reactive security system? Alarms.
Think about your physical office. You probably have an alarm system set up, right? If someone broke in, the alarm would be tripped; if wired properly the monitoring company would be alerted. The monitoring company would call you and, if you didn’t trip the alarm, would call the police. It seems straightforward, but there are some catches.
The alarm system catches when the crook is already in the building. The criminal is already going through your stuff. The same goes for antivirus. It’s only triggered after your data has been stolen or encrypted. In both situations the alarm doesn’t go off until after the damage is done.
Both situations only focus on one piece of the puzzle.
Antivirus is often so misconfigured that sometimes an alarm isn’t even raised. In an analysis of more than 10,000 networks, less than 40% had the antivirus configured to alert someone who knew what to do to address the issue. And this is only one type of misconfiguration; there are countless others.
Use multiple systems. Create what we like to call strategic overlap: use multiple tools. Lastly, consider getting a third-party assessment done. Have someone come in and analyze your network and your security program. This could be accomplished by doing a recurring vulnerability or penetration test. You can then use the findings to identify weak spots in your program and can prioritize them based on the impact on your casino. If you would like a third-party risk assessment, go to csosean.com/analysis.