1. Cyber Security - Protecting Information
Devon Dalbock
General Manager
GLI Africa

2. Data Breach by the Numbers
Source: Symantec & Cisco

3. Where do Cyber Attacks Come From?
Source: Symantec & Cisco

4. What’s The Cost?
Source: Accenture

5. Is My Business at Risk?
Source: Symantec, Cisco & Accenture

6. Bet This Doesn’t Happen in the Gaming Industry!
Hard Rock Casino & Hotel – Las Vegas
Malware on POS System
Stole Credit Card details and CVV numbers
William Hill
DDoS attack in November 2016
Website down for 24 hours
PaddyPower
Data breach in 2010
Only discovered 4 years later

7. Top 5 Casino Cybersecurity Issues
Unpatched Systems
Lack of Network Segregation
Ineffective User/Group Management + Access Controls
Ineffective Logging and Alerting
Social Engineering Attacks

8. Unpatched Systems
Over 85% of all Malware Attack Are By Known Methods:
Organisations fail to patch systems regularly or effectively
3rd party software is often not patched along with the operating system
Many casinos and gaming systems run out-of-date software that is unsupported on current operating systems

9. Unpatched Systems Solutions Include: Improve Patch Management
Tight segregation of unpatched systems in restricted networks

10. Lack of Network Segregation
Many networks are designed for ease of use rather than security:
Segregating networks makes it more difficult for an intruder to penetrate deeper into a network or system

11. Lack of Network Segregation
Solutions Include:
Segmentation with isolation and data classification
Each segment is assigned:
A unique Virtual Local Area Network (VLAN) ID
A security level
An IP address range
Access Control Lists (ACL’s) to control traffic
Data classification creates levels that control access to sensitive data:
Identify and control which systems can house and access data
Determine which users have access to which data

12. Ineffective User/Group Management + Access Controls
This can also be labelled “protecting ourselves from ourselves”. Commonly seen examples:
Excessive admin accounts
Poor or default passwords
Loose permissions

13. Ineffective User/Group Management + Access Controls
Solutions include:
Enforce strong passwords
Ensure Admin users have a secondary account for performing their Admin duties, not their normal user account.
Restrict permissions on data as much as possible
Protect database accounts and critical data with a higher standard of protection

14. Ineffective Logging and Alerting
A lot of organisations have spent a lot of money on logging systems but they are often
ineffective because:
They can’t determine which logs are important
They aren’t logging important application events (ex. game transaction logs)
They aren’t analyzing for security events
They don’t log for the events that attackers are actually triggering

15. Ineffective Logging and Alerting
Solutions Include:
Alerts need to be handled in real-time or they aren’t effective

16. Social Engineering Attacks
attacks that come in many forms (over 10,000):
Phishing – Please enter your user name and password to continue
Whaling – Phishing attacks directed at BIG FISH (C-Level)
Malware – Here is your invoice

17. Social Engineering Attacks
Solutions Include:
Filtering – Attachment Filtering
Education and re-education
In IT terms: “Patch the User”

18. How can GLI help?
We provide tools to combat Hacking and Security Breaches on your equipment
Provide education on Security Best Practices
Provide the highest level of Quality Compliance Testing
Real-Time Monitoring of Network Activity through our Security Operations Centre (SOC)

19. General Manager – GLI Africa
Thank you!
Devon Dalbock
General Manager – GLI Africa
Tel: +27 (0)