NSoft: Overcoming security challenges in the betting industry
Security breaches and data theft are ‘omnipresent’ in today’s world, said NSoft CTO Nikola Rakic, with the betting industry being no exception.
Writing for SBC News, Rakic – who heads up a tech team of more than 300 in a dynamic working environment at NSoft – explained why security challenges have been exacerbated by changes to the way businesses now operate in light of the Covid pandemic.
He also maps out internal and external security risk factors for betting businesses, before expanding on why ‘proper tooling’ for intrusion detection, security event management and periodic pentesting have helped to keep its information safe.
Security challenges – an overview
Being able to maintain a high level of security hygiene and provide employees with proper tooling, education and training are of critical importance – especially when we find ourselves living in an increasingly digital world.
But with this shift online comes a growing risk of security breaches. In general, there are a number of different threats which may occur. These range from remote code execution, ransomware, malware and phishing attacks to DDoS; they all pose a huge threat to modern-day businesses.
With this in mind, it’s crucial that we increase awareness of information security and also implement proper tooling, procedures and timely planning among our network of partners.
Recent data around cybersecurity has found that:
- Over 90% of information security breaches are caused by human error (Source: Cybint)
- More than 80% of organisations worldwide have experienced spear phishing attempts in the past several years (Source: Proofpoint)
- Over 85% of reported breaches have been financially motivated (Source: Verizon)
- 45% of breaches featured hacking, 17% involved malware and 22% involved phishing (Source: Verizon)
- The average cost of a data breach is $3.86 million as of 2020 (Source: IBM)
- The average time to identify a breach in 2020 was 207 days (Source: IBM).
Betting industry specifics
The online presence of the betting industry means that it is not exempt from security risks. It is similar to the financial sector in that it deals with vast amounts of money, transactions and holds end user’s PII. The implications of potential security breaches should be obvious.
Our betting platform operates on several different channels: both on-site (bet shops/terminal) and online (mobile/web) and consists of a large number of different microservices that run on heterogeneous infrastructure. All these layers can introduce potential security risks that must be properly addressed.
On top of all this, our client base is continuously growing. With that comes an even larger number of end users which only adds to the overall complexity of our systems.
Internal and external security risk factors
It is of the utmost importance for us to keep our systems safe from both internal and external risk factors. This means protecting our data and ensuring that we have reliable backup mechanisms and robust disaster recovery plans.
In addition, we must make sure that security policies are put in place – including regular secret rotation, adhering to the principle of least privilege and proper encryption of data.
But one of the greatest challenges that we face as an industry is identifying – and reducing – the overall attack surface where potential unauthorised access could be attempted.
Due to remote work policies that were introduced in the past 18 months, alongside the fact that we do a significant portion of our business over the online channels, we have to be even more aware of any potential threats.
Another important aspect of our industry is fraud detection. This is something that we have to pay special attention to since we’re dealing with money transactions on a daily basis.
Monitoring and alerting for specific events that may signal possible fraud attempts and then investigating further for false positives gives us the opportunity to react in a timely manner.
Network segmentation and clear access rights
Keeping our networks as safe as possible from external threats is another important aspect. In order to reduce the possibility of unauthorised access all of our systems can only be accessed via VPN. Our internal network is segmented in a way that only the privileged users can access needed resources.
Employing different strategies and tooling such as intrusion detection systems, security event management, periodic pentesting, using end-to-end encryption and zero-trust policy based systems for sharing information helps us have better visibility and observability of our systems as well as keeping our information as safe as possible.
Whether you are a medium to large business or just starting your journey as an entrepreneur, you must take security into account and get it right from the beginning.
Security should be considered for all aspects of your business; from the physical security of your SSBT device or bet shop to the security of your online website, you will need to consider different security implications.
Instead of doing all the hard lifting yourself, consider using a reliable SaaS betting platform that handles most of the security complexity for you. NSoft has got you covered. This way you can focus on what matters the most – your business.