Beyond steadily expanding into a multi-billion-dollar industry, internet gaming (iGaming) has been demonstrating its growth by adopting technological innovations. Like the rest of the broader gaming sector, iGaming sites have been leveraging the tools discussed in a previous post entitled ‘How Emerging Technologies Are Shaping the Gaming Industry’. These include realistic and advanced graphics that allow iGaming to simulate the immersive environments of land-based casinos, and cross-platform play that enables the industry to reach more players who use smartphones, computers, and other electronic devices.
However, as iGaming technology evolves, so do the threats that compromise platforms’ safety and security. Given the volume of customer information and financial transactions involved in iGaming operations, online casinos have become the targets of cybercriminals. The Federal Bureau of Investigation has observed that threat actors devise several tactics to exploit system vulnerabilities in the gaming sector, making it crucial to identify common cybersecurity threats that iGaming platforms currently face.
Security risks and challenges in the iGaming industry
As mentioned above, iGaming operators have access to millions of customers’ sensitive information, making them vulnerable to malware or malicious software. Malware attacks seek to execute unauthorized actions on gaming servers to compromise and steal confidential data. In 2023, American gaming giant MGM Resorts, which owns both land-based and online casinos and sportsbooks, faced a high-profile ransomware attack that disrupted its operations. Ransomware is a type of malware designed to extort victim organizations after infiltrating their systems, thus costing businesses millions in revenue loss, investigation, and remediation.
While iGaming platforms are equipped to serve millions of users simultaneously, they can still be vulnerable to Distributed Denial of Service (DDoS) attacks. These attacks aim to overwhelm gaming servers with a flood of internet traffic, thus delaying network connections and causing downtime. When iGaming sites are rendered inaccessible to real players, operators not only lose revenue but also risk their reputation.
Since online players use real money for iGaming offerings like poker, slots, and other table games, virtual casinos are also susceptible to fraudulent activity. These range from sophisticated bots that infiltrate games and encourage cheating to malicious actors who take over player accounts and exploit their funds. These types of cyberattacks contribute to a loss in revenue, reputation, and consumer trust, so iGaming operators have become proactive in preventing, detecting, and responding to threats, as discussed below.
Cybersecurity efforts among iGaming operators
Players who aim to manipulate gaming outcomes are prevalent in poker, considering the classic casino game’s high stakes and mechanics based on statistics and probability. Thus, the leading US online poker site Americas Cardroom has made the significant move to weed out fraudulent activity by banning virtual machines and remote access tools. Malicious actors use these tools to view or share gaming content across multiple devices and ultimately gain an unfair advantage.
Furthermore, Americas Cardroom has strengthened its anti-fraud efforts by rolling out a series of advanced security measures, starting with the ACR Reshuffle feature. This anti-collusion technology reshuffles folded cards back into the deck, thus prohibiting cheaters from sharing hand holdings with one another.
The poker platform also employs advanced artificial intelligence and machine learning systems to identify bad actors and automatically issue a warning or ban their accounts. The same AI-driven strategy has been observed in other key iGaming industry players like online sportsbook FanDuel, which partnered with Prove Identity for authentication services that automate user verification and deter synthetic identity fraud.
Lastly, iGaming operators have been enhancing their cybersecurity strategies with the help of the International Gaming Standards Committee (IGSA). IGSA’s main initiatives for the global gaming industry include creating the Cyber Resiliency Committee (CRC). Gaming businesses of all sizes and scales can follow CRC’s cyber risk management, cybersecurity governance, and framework control standards designed explicitly for casinos and their digital ecosystems.
While iGaming operators have been keeping up with the ever-evolving threats and cyberattacks, they must remember that cybersecurity is an ongoing process. This urges them to regularly monitor and evaluate their systems to identify weaknesses and potential areas of improvement. Explore the Media-kom website for more insightful articles on cybersecurity, technology, and more.
