A year without breaches:
Starting on January 1st 2023, all state casinos will be obliged to protect everyone included in the work of the casino – employees, customers, and themselves. After a few security breaches that took place worldwide, the good news is that casinos will be protected from cyberattacks moving forward.
According to the regulation, state casinos will be required to develop risk assessment plans by the end of the next year. The plans will be updated at least once a year. The amended regulation includes the way operators will have to report any cyberattacks to the authorities.
This news is related to over 400 nonrestricted casino operators in the area at a meeting that took place on Thursday when the Nevada Resorts Association and the Association of Gaming Equipment Manufacturers approved the regulation without any objections. The new regulation had public hearings in the fall.
Although many major casinos already have data protection built into their systems and can prevent any data breach, resorts still have problems with a range of hackers and cyber thieves.
In 2015, Hard Rock Hotel, which is now placed in a chain of Virgin Hotels Las Vegas, survived a data breach. Back then, the company alerted its customers to take care of amounts on their credit cards during the period of 7 months – from September 3rd to April 2nd.
Casino operators and licensed operators of sportsbooks can protect themselves in many ways. The regulation didn’t say precisely what they are supposed to do but advised them to develop: “the cybersecurity best practices it deems appropriate.”
Speaking about licensees, they added that every one of them “shall continue to monitor and evaluate cybersecurity risks to its business operation on an ongoing basis and shall modify its cybersecurity best practices and risk assessments as it deems appropriate” after performing the initial risk assessment.
If a cyberattack occurs and leads to a data breach, the casinos must contact the Nevada Gaming Control Board within 72 hours. Their explanation will have to contain an explanation of the breach’s roots, its extent, and the subsequent actions that can minimize the damage and prevent other violations from happening.
President of the Nevada Resorts Association, Virginia Valentine, said that few association members have been to previous meetings where this topic has been discussed. She added that their comments were added to the amended regulation, but she didn’t further comment on the amendment.
Daron Dorsey, executive director of the Association of Gaming Equipment Manufacturers, said that his organization sent a letter to the commission on November 21st. They suggested eight revisions to the document, and they were approved. Most of them were clarifications to stated policies.