INDUSTRY INTERVIEW: CONTINENT 8 TECHNOLOGIES
Reducing the risk of cyber attacks
Neil Mead speaks to Patrick Gardner, Chief Security Officer at Continent 8 Technologies about how iGaming operators can improve their cybersecurity and protect themselves against the risks from cyber attacks.
What are the biggest cybersecurity threats currently facing the iGaming industry?
The iGaming industry faces a myriad of cybersecurity threats, with the most prominent being Distributed Denial-of-Service (DDoS) attacks, ransomware and phishing schemes. DDoS attacks have been particularly prevalent over the last decade or so due to their ability to disrupt service and impact revenue streams significantly. Additionally, the increasing sophistication of ransomware has led to higher stakes, as attackers can now exfiltrate data before encrypting it, thereby increasing the pressure on victims to pay the ransom.
How do cyber threats in iGaming differ from those in other sectors?
Cyber threats in the iGaming sector are unique primarily due to the industry’s high-value targets and real-time nature. The huge growth in the industry with new regulated markets opening, coupled with the fact iGaming platforms handle large volumes of monetary transactions, makes it an attractive target for cyber criminals. Furthermore, the need for continuous uptime and seamless user experience makes iGaming platforms more vulnerable to attacks that can cause immediate and noticeable disruptions. According to IBM’s 2024 Cost of a Data Breach Report, the estimated average cost of a data breach is in excess of 4.88 million USD.
What role does regulation and compliance play in securing iGaming platforms?
Regulation and compliance are critical in securing platforms regardless of industry. Compliance frameworks such as ISO 27001 and PCI DSS provide structured guidelines that help operators implement robust security measures. Adhering to these regulations not only ensures legal compliance but also enhances trust among users and stakeholders.
iGaming is a heavily regulated industry, and each jurisdiction will set out its own standards in terms of requirements for data protection, financial transactions and overall platform security. The different cybersecurity requirements make it incredibly complex for operators and suppliers to navigate. That’s why working with a cybersecurity company that truly understands the industry is incredibly important.
What the industry should consider to ensure the long-term safety and success of the industry is a common cybersecurity framework. By embracing this, we are not only protecting the integrity of the industry but also prioritising the privacy and protection of the industry’s data.
What are the most common attack vectors targeting online casinos and sportsbooks?
Online casinos and sportsbooks are commonly targeted through phishing attacks, malware and DDoS attacks. Phishing remains a significant threat as it can lead to credential theft and unauthorised access.
Ransomware is another threat, and we have seen large brands such as Caesars Entertainment fall victim to this. An affiliate of the Blackcat ransomware group that deploys their ALPHV malware during attacks accessed ‘Caesars’ Rewards’ loyalty program database, resulting in a $15 million payment to prevent sensitive information being made public.
6 MARCH 2025 GIO
How do you protect against DDoS attacks, which are common in the iGaming industry?
The primary challenge in mitigating a DDoS attack lies in differentiating between legitimate and malicious traffic. For instance, a genuine increase in traffic due to a product launch contrasts with a surge caused by known attackers.
These attacks are also multi-vector, utilising multiple pathways to inundate targets, thereby complicating the distinction between attack and normal traffic.
To protect against DDoS attacks, iGaming operators should implement robust, multi-layered DDoS mitigation solutions. Multi-layered solutions ensure that if one layer is breached, additional layers are in place to prevent or mitigate the attack.
A multi-layered approach includes:
1. Coarse filtering: Ad-hoc upstream traffic filtering and DDoS scrubbing
2. Medium filtering: Managed access control lists at the network edge
3. Medium/fine filtering: Layer 3 and 4 DDoS scrubbing
4. Fine filtering: Layer 7 Web Application and API Protection (WAAP) rate limiting and filtering
5. Polish: Traffic delivery with Endpoint Detection and Response/Managed Detection and Response (EDR/MDR) solutions and managed updates and hardening
6. Log event monitoring and threat protection: Managed Security Operations Centre (MSOC) and Security Incident and Event Management (SIEM) threat detection and response
We have been protecting customers from DDoS attacks for almost 20 years, and we have plenty of data to show how these attacks have changed and intensified over the years. Our reports show record-breaking attack attempts on our customers with Q4 2022 being the most attacked quarter ever for Continent 8. In fact, we saw a more than 400% increase in DDoS attacks when comparing Q4 2021 with Q4 2022.
What measures do you recommend for preventing fraud and money laundering in online gaming?
Preventing fraud and money laundering in iGaming requires, again, a multi-layered approach. Implementing stringent Know Your Customer (KYC) processes, transaction monitoring systems and anti-fraud technologies are essential.