Now that the COVID-19 pandemic seems to have dissipated from the news headlines, one of the relics it has left behind is the Remote Workforce. As I have written before, this is something that many people thought would happen in a few years. But right when it hit, within a three-month timespan, pretty much everybody was WFH. With this transition, many Americans have taken up new hobbies, and one of them is online sports betting.
So what is this exactly? Well, rather than going straight to the sporting venue to place a monetary bet on which team will win, you can now do that all online, with a sports betting application. You can do this directly from a web link on your device, or, the more popular option, through a mobile app. So, for example, if you wanted to bet on the March Madness basketball brackets, rather than doing it at work, you can do it straight from the app.
It is actually quite convenient, as you get updates on your
bets in real time, and once you have made enough money, you can transfer it in
just a few seconds to your bank account.
But with all of these plusses, there is a downside as well, and it comes from the Cyber risks involved. Since all betting transactions are done over the Internet, all of the platforms are just as prone (or maybe even more so) to the Cyberattacker.
Take into account these hacking scenarios, which have actually happened:
*According to a recent survey from an organization called “Coda Labs” of nearly 7,000 respondents, almost 41% distrust the security of online gaming platforms.
More information about this can be seen online here:
https://www.esports.net/news/fraudulent-web3-gaming-projects-what-they-mean-for-the-space/
*Back in 2021, Electronic Arts, a major online gaming vendor, suffered a data security breach in which well over 780Gb of information and data was heisted. This was then sold by the Cyberattackers on the Dark Web.
More information about this Cyberattack can be seen at the link below:
https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code
But it’s not only the online gaming community that is being hit; the crypto trading platforms are as well. For example, Ronin Bridge, a platform built for Ethereum trading, was also hacked, and over $650 million was heisted.
More details on this can be seen at the link below:
https://cointelegraph.com/news/the-aftermath-of-axie-infinity-s-650m-ronin-bridge-hack
So in the end, somebody has to take the lead in helping to protect these online bettors. And guess who it all comes down to? You got it, the CISO. So what can they do? Here are some steps that can be implemented fairly quickly:
1) Find out where your bettors hang out:
Online gaming apps do not exist only as a smartphone app. They also exist heavily in the social media world. So, find out where your employees go, and offer tips and advice on how your gamers can best protect themselves on that particular platform. If needed, even offer specialized Security Awareness training in this regard.
2) React immediately:
Although every Cyber threat variant should be taken very seriously, breaches when it comes to online betting should be taken even more seriously. The primary reason for this is that this is where real money is being transacted, and a lot of PII is being transmitted back and forth between bettors and the mobile apps.
3) Be aware of BEC scams:
This is the type of Phishing attack where a CEO is impersonated and, very often, strikes a sense of fear into employees (or in this case the online bettors) so that they act in a way that is not rational. For example, a scam like this could ask bettors to place bets on phony sporting teams. As a CISO, you need to be fully aware of this, and have your IT Security team monitor what is going on. Also, if need be, educate your bettors about this particular threat variant as well.
4) Ensure data protection:
This is a no-brainer, and in fact is now mandated by the statutes and provisions of the GDPR and the CCPA. As the CISO, you have primary responsibility to make sure that all of the PII datasets of your bettors are protected as much as possible, and that the appropriate alarms and warnings will go off once a threat variant aimed at your databases is detected.
5) Pay attention to the phony stuff:
At the height of the pandemic, phony websites became the norm. Although this has dissipated somewhat, the trend is still there. In fact, it has gotten so bad that it is even hard for a Cyber professional to discern what is real and what is not. Make sure that your IT security team is on top of this. Also, be aware of typosquatting. This is where a Cyberattacker will register a domain like yours, but with an extra letter in it. For example:
onlinegaming.com
could very easily become:
onlinegamming.com
Notice the extra “m”? It is from here that phony websites can be launched. You also have to be very mindful of this, and report any fictitious sites.
Also be aware of any phony ads or promotional codes that replicate your online betting site or app.
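As an added example (my own code, not part of the original post), here is a small Python script a security team could run over a list of newly registered or observed domains to flag lookalikes of its own brand domain. It uses the post's onlinegaming.com / onlinegamming.com pair and a few other constructed sample domains; the observed-domain list, the confusable-character table, the distance threshold and the simple label split are assumptions for illustration. A real deployment would feed it a newly-registered-domain feed or proxy logs and use the Public Suffix List to split labels correctly.

```python
"""Flag lookalike (typosquatted) domains against a brand domain.

Added example: a small Damerau-Levenshtein (optimal string alignment) edit
distance plus a handful of confusable-character folds. The domain list below
is constructed sample data, not real observations.
"""
from __future__ import annotations

# Brand domain taken from the post's own example.
BRAND_DOMAIN = "onlinegaming.com"

# Constructed sample of "observed" domains (e.g. from a newly-registered-domain
# feed or outbound proxy logs). Assumed for illustration only.
OBSERVED_DOMAINS = [
    "onlinegaming.com",          # the legitimate domain itself
    "www.onlinegaming.com",      # a subdomain of the legitimate domain
    "onlinegamming.com",         # the post's example: extra "m"
    "onlnegaming.com",           # dropped letter
    "onlinegamign.com",          # transposed letters
    "0nlinegaming.com",          # digit zero for letter o
    "onlinegaming.co",           # same label, different TLD
    "onlinegaming-support.net",  # brand label plus a suffix
    "sportsnews.example",        # unrelated
    "weather.example",           # unrelated
]

# Visually confusable substitutions often seen in lookalike domains (assumed).
CONFUSABLES = {"0": "o", "1": "l", "3": "e", "5": "s", "vv": "w", "rn": "m"}


def normalize(label: str) -> str:
    """Lower-case a label and fold common confusables to their plain form."""
    label = label.lower()
    for fake, real in CONFUSABLES.items():
        label = label.replace(fake, real)
    return label


def registrable_label(domain: str) -> str:
    """Return the second-level label ('onlinegaming' for 'onlinegaming.com').

    Assumption: a plain split on '.' is enough here; a real deployment should
    use the Public Suffix List so that e.g. 'co.uk' is handled correctly.
    """
    parts = domain.strip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def damerau_levenshtein(a: str, b: str) -> int:
    """Edit distance counting insertions, deletions, substitutions and
    adjacent transpositions (optimal string alignment variant)."""
    la, lb = len(a), len(b)
    d = [[0] * (lb + 1) for _ in range(la + 1)]
    for i in range(la + 1):
        d[i][0] = i
    for j in range(lb + 1):
        d[0][j] = j
    for i in range(1, la + 1):
        for j in range(1, lb + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1,         # deletion
                          d[i][j - 1] + 1,         # insertion
                          d[i - 1][j - 1] + cost)  # substitution
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)  # transposition
    return d[la][lb]


def classify(domain: str, brand: str = BRAND_DOMAIN, max_distance: int = 2) -> str | None:
    """Return a reason string if `domain` looks like a lookalike of `brand`,
    otherwise None. The brand itself and its own subdomains are never flagged."""
    domain, brand = domain.lower(), brand.lower()
    if domain == brand or domain.endswith("." + brand):
        return None
    raw_label, brand_raw = registrable_label(domain), registrable_label(brand)
    label, brand_label = normalize(raw_label), normalize(brand_raw)
    if raw_label == brand_raw:
        return "same label, different TLD"
    if label == brand_label:
        return "confusable characters substituted in label"
    if brand_label in label:
        return "brand label embedded in a longer label"
    dist = damerau_levenshtein(label, brand_label)
    if dist <= max_distance:
        return f"edit distance {dist} from brand label"
    return None


def find_lookalikes(domains: list[str], brand: str = BRAND_DOMAIN) -> dict[str, str]:
    """Map each suspicious domain to the reason it was flagged."""
    hits: dict[str, str] = {}
    for dom in domains:
        reason = classify(dom, brand)
        if reason:
            hits[dom] = reason
    return hits


if __name__ == "__main__":
    for dom, reason in find_lookalikes(OBSERVED_DOMAINS).items():
        print(f"{dom:28} {reason}")
```

The distance threshold of 2 is deliberately tight: longer brand labels can tolerate a larger threshold, but short labels will start matching unrelated words. Flagged domains are candidates for review and takedown requests, not automatic blocks, since a distance-1 neighbour can also be a legitimate unrelated business.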
My Thoughts On This:
This blog has just provided some tips that a CISO can use to protect not only their online bettors but their employees as well. But keep in mind that they have their part to do as well. For example, these groups of people need to be aware of any Phishing-based emails that they may receive, and report them. But above all, they need to be able to detect what is normal activity and what is out of the norm, and report that immediately to your Cybersecurity team.
Some of these gaming platforms are now starting to exist in what is known as the Metaverse and Web 3.0. Eventually, these are the places where they will all exist. The downside of this is that not many people know about these newer kinds of online technologies, so a strong level of trust will have to be built with your online bettors if you are planning to take your platform in this direction.