Caesars SVP warns cyber threats are new industry norm, staff need to think critically
During a webinar hosted by KPMG, Nicole Solaita, SVP and chief audit executive at Caesars, said cyber threats in the gaming industry are now âour new normâ.
She also noted that operators should be asking how frequently it could happen to them.
Reflecting on the highly impactive cyber-attack on Caesars last September, Solaita told the audience: âUnfortunately Iâve realised that this is really going to be our new norm in this corporate space.Â
âEducation for the employees is so key in this space and training is clearly fundamental. But as much as you train and you try to be prepared, weâre seeing that some of these cyber events havenât been all that sophisticated.â
Last yearâs cyber security attack on Caesars stemmed from a social engineering attack on outsourced IT support.
The attackers had obtained customer data, including a copy of Caesarsâ loyalty programme database. This included the driverâs licence numbers and social security numbers of various members.Â
Staff training is crucial
Solaita highlighted the difficulty in training staff to identify cyber security issues, as many attacks can be unsophisticated. Â
âIt comes back to social engineering and you [can] find yourself frustrated because, although you train folks, for whatever reason I think some of that is fleeting and when they find themselves in the moment and they get a call, a request or an instruction, some of that critical thinking is not so instinctive and they just go on autopilot,â Solaita said. Â
âWeâre going to have to really put all our efforts into this education space and really making sure everyone understands the risks and how we can be diligent at all times.â
Cory Fox, FanDuel VP for product and new market compliance, noted the online gaming environment was particularly different. But he added that it still presented a challenge in protecting extensive customer data. Â
âWe are investing heavily in online security. We certainly do a fair amount of cybersecurity training to the point that itâs annoying those of us who are pretty good at identifying phishing emails, but we get quite a few of them every month to make sure that weâre all staying on our toes,â Fox told the panel. Â
He also said the unsophisticated nature of current cybersecurity attack architecture was a major risk. Â
Investors raise cybersecurity concernsÂ
KPMGâs âState of risk in the gaming industryâ report said investors in gaming have become increasingly concerned about cyber risk. It prompted the US Securities Exchange Commission (SEC) to implement comprehensive new rules. Â
These are aimed at ensuring companies adhere to guidelines regarding the speed, reliability and effectiveness of their cyber-incident response plan. Â
The panel also considered the emerging cyber risks around generative AI and the growing use of AI across digital industries. Â
âIn a large organisation, trying to put some guardrails around the usage [of generative AI] and then understanding the business use cases is a tremendous effort,â Solaita said of the technologyâs potential. Â
âIâm super excited about really leveraging it, but thereâs concerns, like who owns the data and who has access to the data? You donât want to put your data privacy and protection at risk,â she added.
MGM faced a hugely financial damaging cyber attack on 11 September, which forced it to shut down certain systems. The firm said the attack had a negative adjusted property EBITDAR impact of approximately $100m.