New study on British cybercrime: security good, but also expandable

The British National Cyber Security Center – NCSC for short – published a new report last week. Accordingly, cyber security in the British lottery and gambling sector can be expanded, but still good. The fact that the cyber attacks are always better thought out could be a major challenge for the industry. Supply chains within the online gambling industry could also require a need for action for cyber security.

Procedure of the NCC

The NCSC study should show new knowledge regarding cyber security and threats for the British gambling and lottery industry. In addition to dealing with the security risks of the sector, the content and type of possible offenses were also asked. Actors within the online gambling and lottery sector in Great Britain were asked by the British market research institute Ipsos Mori on behalf of the National Cyber Security Center. It his one -hour interviews with eight significant cyber security experts “from some of the largest Gambling– and lottery organizations ”. This was carried out in spring 2020. There was also a broad virtual survey.

A little more than 50% of the respondents admitted that their company had to do with a cyber attack within the previous twelve months at least once. However, there were no considerable incidents. Some respondents also observed a temporal connection with an increase in attacks and the beginning of Corona pandemic. The DDOS attacks are particularly clear-with an increase of 600% at the beginning of pandemic. The websites for users should no longer be accessible by the targeted mass calling of the pages. In a successful attack, the perpetrators usually make a blackmail claim to the companies. But even if increased time effort follows it, the consequences have remained manageable. The majority states that the level of threat to the industry has not changed.

Cyber attacks such as credential stuffing, phishing and ransomware

All of the respondents had already had to do with hacking or the attempt against the respective company. Types such as credential Stuffing, in which hackers use the access data obtained for access to other websites, are recorded. Nevertheless, this type of hacking only has “limited” effects on the companies. But even if the “direct financial costs are quite negligible”, sustainable image damage could still arise.

According to an expert from a British betting provider, phishing attempts can be seen as a much greater challenge. In general, the companies are well equipped. In this way, users can easily infiltrate downloaded malware. Nevertheless, programs cannot prevent employees click on a link or unintentionally disclose access data. Therefore, the human factor for success is decisive.

Another type of cyber attack – ransomware – prevents access to the computer, as well as for organizations. As part of such attacks, the perpetrators usually require a payment to be able to use the computers again. In addition, the study quotes a security expert of one virtual gambling providers: “The development of ransomware is extremely worrying. […] The extent of the catastrophe that can occur if you are attacked by one of these groups is extremely worrying. The speed at which you can master your tasks is phenomenal. You have probably extracted and encrypted phenomenal amounts of data so that there is no real way out, even if you pay ransom to release everything. ”

Own measures good, supply chains more susceptible

With regard to their own companies, the respondents are confident and trust in the strength of their measures against cybercrime. Because their measures rarely went beyond the agreements with third parties, supply chains are the uncertainties. The reason for this is mainly missing contractual relationships between the third and fourth party and the other limbs of the supply chain. Even if there are difficulties in implementing the security standards on Big Player, the problem is being worked on. However, opinions differed in terms of forecasts of the greatest cyber threats. For example, artificial intelligence or insider attacks or play and betting manipulation would be regarded as dangers.