In a recent industry panel, Caesars Senior Vice President Solaita issued a stark warning about the evolving nature of cybersecurity threats, emphasizing that these emerging dangers are fast becoming the new norm for corporations. Reflecting on the significant cyber-attack that occurred at Caesars in September of the previous year, Solaita elaborated on the importance of proactive and continuous education for employees as a pivotal defense strategy. She stressed the necessity for operators to frequently ask themselves how likely it is for a cyber event to occur within their organization.
“Unfortunately, I’ve realized that this is really going to be our new norm in this corporate space,” Solaita told the audience. “Education for the employees is so key in this space and training is clearly fundamental. But as much as you train and you try to be prepared, we’re seeing that some of these cyber events haven’t been all that sophisticated.” This sentiment pinpoints a critical issue: even less sophisticated attacks can yield substantial harm, underscoring the consistent need for vigilance.
The notorious cyber-attack on Caesars last year was initiated through a social engineering maneuver targeting an external IT support entity. Attackers successfully infiltrated the system, acquiring sensitive customer data, including a copy of Caesars’ loyalty program database which contained driver’s license numbers and social security numbers of various members.
Solaita underscored the inherent challenge in training staff to aptly identify cybersecurity threats, focusing on how many of these attacks exploit human error rather than just technological weaknesses. “It comes back to social engineering and you [can] find yourself frustrated because, although you train folks, for whatever reason I think some of that is fleeting and when they find themselves in the moment and they get a call, a request, or an instruction, some of that critical thinking is not so instinctive and they just go on autopilot,” Solaita remarked. She highlighted the need for continuous and effective educational efforts to ensure that employees understand the persistent risks and know how to act diligently at all times.
Adding to the conversation, Cory Fox, FanDuel’s Vice President for Product and New Market Compliance, pointed out the specialized challenges within the online gaming environment, where protecting extensive customer data remains a paramount concern.
. “We are investing heavily in online security. We certainly do a fair amount of cybersecurity training to the point that it’s annoying those of us who are pretty good at identifying phishing emails, but we get quite a few of them every month to make sure that we’re all staying on our toes,” Fox shared. His remarks highlight the importance of regular and rigorous training as a standard practice to keep the workforce alert.
Fox also noted that the simplistic nature of many recent cybersecurity attack strategies represents a significant risk, reiterating the necessity for constant vigilance and preparedness.
The escalating concern over cyber risk within the gaming industry was further corroborated by KPMG’s ‘State of Risk in the Gaming Industry’ report, which identifies an increasing anxiety among investors regarding cyber threats. This surge in concern has led the US Securities Exchange Commission (SEC) to introduce comprehensive new rules aimed at ensuring that companies follow strict guidelines on the timeliness, reliability, and effectiveness of their cyber-incident response plans.
In addition, the panel discussed the burgeoning risks associated with generative AI and the broader application of AI technologies in digital industries. Solaita characterized the efforts to regulate and understand the business use cases of generative AI within large organizations as significant, yet vital undertakings. “In a large organization, trying to put some guardrails around the usage [of generative AI] and then understanding the business use cases is a tremendous effort. I’m super excited about really leveraging it, but there are concerns, like who owns the data and who has access to the data? You don’t want to put your data privacy and protection at risk,” she commented.
The gravity of cybersecurity threats was further underscored by the financially devastating cyber attack that MGM faced on September 11, which forced the company to shut down specific systems, incurring a negative adjusted property EBITDAR impact of approximately $100 million.
In summation, the panel delivered a compelling reminder that cybersecurity is an ongoing challenge demanding continuous education, vigilance, and innovative strategies to safeguard sensitive data and maintain trust in an increasingly digital corporate environment. The insights shared by industry leaders like Solaita and Fox underscore the weight of this responsibility and the essential nature of robust cybersecurity frameworks.
