Inside Asian Gaming

inside asian gaming August 2015 8 A recent Gartner study found that 75% of apps released through 2015 will fail basic security tests. Our own internal audit finds that 60% of the 100 most popular apps (including those with dual appeal to individual consumers and executives) have a high risk rating in one or more security categories. Cyber Security potentially catastrophic consequences. This problem is complex because most people (including casino IT administrators) do not know if the apps they depend on are really secure. They don’t know how their favorite apps store sensitive information, or whether an app encrypts data or performs certificate authentication. But cyber thieves know very well how these things function and they can quickly use a leaky app to unlock very lucrative content. And these attacks are not an aberration, unfortunately. A recent Gartner study found that 75% of apps released through 2015 will fail basic security tests. Our own internal audit finds that 60% of the 100 most popular apps (including those with dual appeal to individual consumers and executives) have a high risk rating in one or more security categories. All of these apps are available through Google Play and iTunes. None of them would cause a typical user to worry about data theft. All of which means casinos need a thorough, fast and effective answer to this danger. A proactive strategy toward mobile security—one that addresses not just malware and targeted attacks, but the greater danger posed by leaky apps—represents a chance for the gaming industry to strengthen its credibility and enhance its relationship with some of its most preferred guests. IT PAYS TO SCAN Casino managers must, therefore, inform their workers about this subject, converting these individuals into vigilant agents on the front line of defense. One way to do this is to educate them about the SCAN principle of mobile technology—Systems, Configurations, Apps and Networks: Systems: If employees use a mobile device as part of their job, they should make sure they’re running the latest version of the iOS or Android operating system. Older operating systems often have known security flaws an attacker can exploit. Configurations: Devices should be protected by a strong password. Users should also avoid “jailbreaking” their smartphones, as this can make the devices more vulnerable to attack. Apps: Your apps need to be tested and retested for security vulnerabilities before they are released to the public or implemented across your workforce. Apps should not store sensitive information on the device. If they absolutely must, developers need to make sure that the material is not stored in clear text or on an easy-to-find database. SSL/TSL protocols should be used to protect data in transit. Your employees should use only apps offered in Apple’s App Store or Google Play since they are far less likely to be bundled with malware. Employees should also be wary of apps that request excessive permissions, and they need to stay updated with the latest versions of their apps, as many vendors use new releases to patch existing security holes. Network: Casino staff should only use known and secure Wi-Fi networks. Attackers can use insecure or “open” Wi-Fi to intercept traffic and mine it for sensitive data. Implementing these measures will help you maintain the safety of your data and that of your customers with the same professionalism and integrity that casinos bring to other aspects of their work. That winning combination rewards both the house and her most respected players.