potentially catastrophic consequences. This
problem is complex because most people
(including casino IT administrators) do not
know if the apps they depend on are really
secure. They don’t know how their favorite
apps store sensitive information, or whether
an app encrypts data or performs certificate
But cyber thieves know very well how
these things function and they can quickly
use a leaky app to unlock very lucrative
content. And these attacks are not an
aberration, unfortunately. A recent Gartner
study found that 75% of apps released
through 2015 will fail basic security tests.
Our own internal audit finds that 60% of
the 100 most popular apps (including those
with dual appeal to individual consumers
and executives) have a high risk rating in
one or more security categories. All of these
apps are available through Google Play and
iTunes. None of them would cause a typical
user to worry about data theft.
All of which means casinos need a
thorough, fast and effective answer to
this danger. A proactive strategy toward
mobile security—one that addresses
not just malware and targeted attacks,
but the greater danger posed by leaky
apps—represents a chance for the gaming
industry to strengthen its credibility and
enhance its relationship with some of its
most preferred guests.
Casino managers must, therefore, inform
their workers about this subject, converting
these individuals into vigilant agents on
the front line of defense. One way to do
this is to educate them about the SCAN
principle of mobile technology—Systems,
Configurations, Apps and Networks:
Systems: If employees use a mobile
device as part of their job, they should make
sure they’re running the latest version of
the iOS or Android operating system. Older
flaws an attacker can exploit.
Configurations: Devices should be
protected by a strong password. Users
should also avoid “jailbreaking” their
smartphones, as this can make the devices
more vulnerable to attack.
Apps: Your apps need to be tested
and retested for security vulnerabilities
before they are released to the public or
implemented across your workforce. Apps
should not store sensitive information on the
device. If they absolutely must, developers
need to make sure that the material is not
stored in clear text or on an easy-to-find
database. SSL/TLS protocols should be used
to protect data in transit.
Your employees should use only apps
offered in Apple’s App Store or Google
Play since they are far less likely to be
bundled with malware. Employees should
also be wary of apps that request excessive
permissions, and they need to stay updated
with the latest versions of their apps, as
many vendors use new releases to patch
existing security holes.
Networks: Casino staff should only use
known and secure Wi-Fi networks. Attackers
can use insecure or “open” Wi-Fi to intercept
traffic and mine it for sensitive data.
Implementing these measures will
help you maintain the safety of your data
and that of your customers with the same
professionalism and integrity that casinos
bring to other aspects of their work.
That winning combination rewards both
the house and her most respected players.
