A gaming operation could spend a billion dollars to deter an attack, but without effective internal defenses and a comprehensive, well-rehearsed plan outlining clear attack remediation and recovery steps, operators will find themselves exposed and unprepared when an incident occurs.
This new reality means leaders in the gaming industry must adopt a philosophy that we call “assumption of incident.” Casinos can no longer hope to achieve flawless cyber security across their sprawling network perimeters. It’s a sad truth: enterprise networks must be considered semi-permeable. Operators must be ready to respond to an attack. Some security experts call this notion “assumption of breach,” but this only captures incidents of improper access to confidential data. Assumption of incident reflects the various other risks facing gaming businesses, including gameplay hacks, theft of electronic funds, money laundering, and cyber attacks that knock online gaming operations offline or cause full-on business disruption.