Strengthening Cybersecurity in Gaming and Gambling
By Carlos Morales SVP of Solutions
In gaming or gambling, your website is your brand and your income. Attacks that interrupt access, slow down play, lead to fraud, threaten customer data, or compromise game integrity are critical threats to your brand and revenue. That’s why leaders in online gaming and gambling are turning to cloud-based security solutions to strengthen their defenses.
The gaming and gambling industry has always been a lightning rod for crooks, and as operators have expanded online, the bad guys have followed along. The remarkable financial growth of online venues in the last few years has intensified criminal interest and drawn more attacks.
How many more? Online attacks surged 260% in Q1 20221. But it’s not just the sharp increase in threats that keeps IT security teams working overtime; it’s the sheer number of them. Gaming and gambling sites are the target of millions of attacks every day2. Any one of them can have catastrophic consequences.
While the attacks intensify, their target – your website infrastructure – has grown far more complex, spanning public and private cloud providers as well as multiple data centers. It hosts more business functions and processes, more data, and more applications, including web applications; and it is connected to more IoT devices and data sources.
To cybercrooks, all the added functions, data and connections associated with your expanding network just make it a more attractive target with more vulnerabilities – many of them outside the reach (or under the radar) of traditional security protection. One casino suffered a significant theft of customer data exfiltrated through a “smart” fish-tank thermometer3!
To reduce these risks, gaming and gambling companies are adding cloud-based security solutions. They add critical protections that extend on-premise defenses to defend assets wherever they are hosted, intercepting and countering threats before they reach your applications. They are constantly updated under the guidance of IT security professionals dedicated to tracking and defeating emerging and evolving threats. And they offer powerful capabilities that are proven effective against the large and difficult threats that challenge traditional security tools.
Web application attacks are among the fastest-growing threats to gaming and gambling, climbing an astounding 340% year-over-year4. In part, the surge reflects the increased use of web apps as ubiquitous and indispensable tools for serving customers, managing play, and capturing revenue.
To accomplish all this, web apps have to be accessible to every user connecting from any network, all the time, which makes them nearly impossible to secure with on-premise tools. Moreover, many have problematic security weaknesses; as of 2021, 50% of all web applications were considered vulnerable to attack5.
You can secure your web apps with a cloud-based web application firewall (WAF). A strong WAF offers flexible, always-on protection that defends web applications, wherever they are hosted, against virtually all application layer threats. Key capabilities in an effective cloud WAF solution include:
A range of flexible security options including both negative and positive security
Protections against zero-day threats through automatic updates as new threats emerge.
Preconfigured protections against common threats including the OWASP top 10.
Easy-to-manage capabilities to customize protection such as rule recommendations based on actual traffic.
Full visibility into application traffic across even complex hybrid environments, with flexible reporting and logging features.
Malicious bots are another constant threat. They are leveraged for a range of potentially devasting attacks, including ATO (account takeover) fraud, odds scraping to enable crooks to boost their returns, account creation fraud and the abuse of new user benefits, gaming automation to tilt the playing field, and numerous other threats.
There’s a good chance a bad bot is crawling across your site as you read this. One recent report found that more than half of all traffic to gaming and gambling websites – 53.9% -- came from malicious bots6. Of course, legitimate bots also visit your site all the time, performing important functions like maintaining search engine data. But distinguishing malicious from legitimate traffic is extremely challenging.
The most effective option is a cloud-based bot detection and management solution. These solutions leverage multiple detection tools as well as industry intelligence and up-the-minute expertise in evolving bot threats to identify malicious traffic as it enters your hybrid network. The best solutions make it simple to isolate and manage them as well. Look for:
Multiple bot detection methods including device fingerprinting, rate limits and transactions per second.
Current IP intelligence data to identify new and emerging malicious botnets.
Additional identification safeguards that can be easily customized and applied.
Capabilities to categorize and fingerprint bots for effective management.
Multiple options to manage flagged traffic, including delay, redirection, and blocking.
DNS attacks interfere with the responsive gaming experiences that are central to your brand. DNS attackers can block or slow access to your website, threaten your customer data, and even hijack your entire domain. These attacks threaten your reputation and your brand, and cost you money. A single DNS attack costs an average of $942,0007.
They’re also far more common than you might think. The Global Cyber Alliance determined that one-third of all the security incidents involved DNS attacks8. A separate study in 2022 revealed that 88% of organizations had experienced at least one DNS attack over the previous 12 months9; many suffered through multiple attacks.
The solution is a cloud-based authoritative DNS service. A managed global service ensures unimpeded player access, supports responsive experiences, defends against the threats and costs of DNS attacks, and simplifies the management of DNS configurations for a complex online network. Your service should provide:
Effective security features to protect availability and access (DDoS protection for resolvers) and network assets (robust, user-friendly DNSSEC).
Overprovisioned, fault-tolerant platform for outstanding reliability.
Multiple global PoPs (points of presence) for the fastest responses.
Dual authoritative DNS network option for the highest level of geographic, network level, transit, and operational redundancy.
Advanced traffic management including failover service and load balancing options.
Easy-to-use management tools such as secure access management, real-time change data, and a proactive configuration tool.
Distributed denial of service (DDoS) attackers can block players from reaching your site, shut down your gaming systems, extort ransom payments, and mask or distract from penetration or data exfiltration attacks. While not a new threat, they have become larger, more intense, and more sophisticated in the use of multiple vectors. We recently mitigated a 1.1 Tbps attack.
They have also become far more frequent. In 2021 our security operations center managed and mitigated a 3x increase in the number attacks targeting our customers. Gaming and gambling is one of the most targeted industries; one recent study concluded that 25% of all gambling sites were hit by DDoS attacks in June 2022 alone10.
The best protection against this growing threat is a dedicated, cloud-based DDoS mitigation service. These services combine massive mitigation capacity with the technology and expertise to counter complex, long-duration, and multi-vector attacks. They scrub malicious traffic – regardless of the volume -- before it chokes your network. Critical capabilities include:
Massively overprovisioned mitigation platform to absorb the largest and most long-lived attacks.
Global access with multiple tier 1 internet network providers for reliable redundancy.
Advanced orchestration platform that interconnects with customer networks and on-premise solutions for near-instantaneous response.
Sophisticated automation to manage defense in depth, supported by 24/7 SOC expertise.
Neustar Security Services offers all these critical protections for online gaming and gambling with an integrated suite of cloud-based security solutions. They are continually monitored and supported by experienced IT security professionals in our 24/7 security operations center (SOC) and backed by outstanding customer support. Professional services are available to assist in installation and configuration to maximize their value to your business
Learn more about strengthening your protections against significant threats with powerful, comprehensive cloud-based solutions tailored for the needs of the gaming and gambling industry.