July 17, 2024 • 15 mins
Become a supporter of this podcast: https://www.spreaker.com/podcast/carmarthenshire-talking-newspaper--4421754/support.
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:00):
So we would like to please welcome to the stage.
David and Josh's.
Speaker 2 (00:10):
Emotion we can get and how happy we are. And
we've had.
Speaker 3 (00:13):
Previous providers that we're willing to do dinners with and
we get to that level everything, No, it's just.
Speaker 2 (00:20):
Not worth a risk.
Speaker 4 (00:21):
Yeah, And one of the things around that is you
can make the request of your suppliers, but are they
actually actually and are they following through a bit? I mean,
one of the things we discussed is visibility. You can
buy the best technology in the world. That technology can
alert you to every single thing that's happening. Somebody is
trying to help you. One of your users is trying
to download an Apple. It's not verified. But if nobody's
(00:44):
looking at these alerts, these events twenty four by seven,
then you could have whole periods of time where your
system's been compromised and you don't know about it. And
that kind of visibility is a crucial thing that but
technology in the world can't protect you from nobody looking
at it.
Speaker 3 (01:00):
Very true, and I think an easy early telltale sign
is when you ask for information. If they're not willing
to give you information, there's your first red flag.
Speaker 4 (01:10):
That's very true, very true, And that's focuses for everything,
not just cybersecurity as well.
Speaker 2 (01:15):
The compliance is a big things.
Speaker 3 (01:16):
About Yeah, yeah, one d percent perfect, all right, the
mate that's on, move to the next one.
Speaker 5 (01:22):
So now we've learned about that.
Speaker 3 (01:23):
The critical steps should have an operator take to minimize
these damages, especially directly after a breach, and then how
should they be communicated to like stake called as customers,
et cetera.
Speaker 4 (01:36):
Yeah, I mean, this is a massively extensive topic and
it comes down to understanding two things. Your obligation to
your customers and your obligation externally to your.
Speaker 2 (01:47):
Licensees and for people who grant you access into the market.
Speaker 4 (01:52):
So it's something that has to be planned so far
ahead at the time it's unreal. I mean one of
the things, you know, we're a technology company, so if
you ask our salespeople, they're so you're the best technology
in the world. But fundamentally there's three key things. There's
your people, your processes, and your technology. Technology is the
last thing. So the process is one of the things
(02:14):
we spend the most of our time doing. So it's
having do you have a run book for what happens
if what happens if somebody downloads the wrong app. What
happens if you get a data breach and it's keeping
that updated, it's running exercises, it's having a full campaign
and you can call them the tabletop exercise, a war
room and not just testing the systems, but running through Okay,
(02:38):
we've detected an event.
Speaker 2 (02:39):
Who do I escalate it to? Who do I notify internally?
Speaker 4 (02:42):
And then the worst wit is if you're a multi stage,
multi jurisdiction company, you have to map that out for
every single jurisdiction you operate in. And you know that
is one of the most time continuing, one of the
most important exercises you can undertake valuable, super valuable, and
the other The thing is, at a certain point in time,
you have to seek external expertise, be it for a
(03:05):
PR company to manage your messaging out to your users,
out to your partners. You know there are specialist companies
out there who are dedicated in crisis response, and it's
it's a decision that you know, do you try to
in the house that or it's one of those things
where it's probably worth.
Speaker 2 (03:21):
Outsourcing to especialist company will do something. Somebody on retain.
Speaker 3 (03:25):
And then would you say, in the work that you've
done in the past, if you come across like some
businesses who are brilliant playbooks and there set up so
well in this area that you could probably take elsewhere,
or even you could set up ever better.
Speaker 4 (03:41):
We have a couple of clients who that's the case,
and they tend to be ones that operate in verticals
outside of gaming as well as gaming. So if they
operate in a retail market, or if they have a
finance arm or some kind of fintech arm, they will
have some fairly heavy and some well rehearsed wrong books
and playbooks.
Speaker 2 (03:58):
Because nis is possible way gaining.
Speaker 4 (04:01):
Yes, there's a lot of regulation, but very little of
the regulation focuses on any kind of cybersecurity or cybersecurity
in some response, if you look outside of our industry,
there are massive requirements that.
Speaker 2 (04:14):
You know, we don't always mean as an industry.
Speaker 4 (04:16):
You read a lot of the technical rags around what
you should do and should as the word.
Speaker 2 (04:21):
You read some of the rugs and it says you
should ensure this is secure.
Speaker 4 (04:24):
Now that's not telling you anything. I'm not suggesting more regulation.
You will all pound me out the room if I
suggest more regulation. But there's well established frameworks for how
you should operate out there.
Speaker 2 (04:36):
There's ISO frameworks, there's this frameworks, and.
Speaker 4 (04:40):
The important thing is it gives you a guideline of
how you should structure a business when it comes to
not only the technology, but the process is the run books,
the notifications and all that kind of thing. We're not
telling people to reinvent the wheel here with just saying
there are standards out there. At some point in time,
they're going to come into our industry, and they should come.
Speaker 2 (04:58):
Into our industry by our own volition. We should work
and strive towards them before we're forced to do them.
If you want to operate in this market or that.
Speaker 3 (05:06):
Market, very true, and then you need to tell them
for your business as well.
Speaker 5 (05:12):
What works online is.
Speaker 2 (05:13):
Not going to work for yours, etc.
Speaker 4 (05:14):
Yeah that's true. You need to tail them and tailor them.
But also you may come to a situation where it's
not worth the price of entry into that market at
that particular time for years of line. If you know
you're trying to launch something and the requirements are two owners,
maybe it's not the time to go there.
Speaker 2 (05:29):
An unpopular opinion.
Speaker 4 (05:30):
But you know you're going to get found out at
a certain point in time, and yeah, you'd.
Speaker 5 (05:36):
Rather find out sooner around the moment.
Speaker 2 (05:37):
It's much more easier to do as a business that way.
That's true.
Speaker 4 (05:42):
And one of the things you know, I didn't cover
it earlier, but historically when you're looking at cyber attacks,
it's always been about data breaches. Somebody is going to
get your client data, try and ransom it or sell
it on the internet. It's reached the point now where
there's been so many large data breaches. There's one every
single day you read about in the news. The nicest
(06:03):
possible work. Your personal data is almost worthless at this
point in time. The big risk for you as an
organization and you as a company is somebody taking your
ability to operate away. So we're not talking about stealing
your data. We're trying to sell it. We're going to
say we'll get into your systems and we'll just lock
you out of it.
Speaker 2 (06:21):
If we lock.
Speaker 4 (06:21):
Access to your platform or lock amasis to your calm
or any of your systems, that's the big risk you.
Speaker 2 (06:28):
Ransomware as a hot topic, and that's what's happened.
Speaker 4 (06:30):
To a number of big names recently, and you know
there are you know, we have a number of people
in our security team who monitor sort.
Speaker 2 (06:40):
Forums and stuff that shall not be named.
Speaker 4 (06:42):
But there's active recruitment campaigns out there where they're incentiveting
mostly land based casinos at the moment, but staff there
to basically allow them to compromise in exchange for a
big forum. So active recruiting campaign currently targeted a land
based but they're going to come after lot online at
some point in time.
Speaker 6 (07:00):
Yeah.
Speaker 5 (07:00):
Wow. So while we are on prevention, let's talk about
moving into our business and training. What's the best way?
Speaker 2 (07:09):
And I would assume everyone in here has been through
the standard. You've got to do a course or are training.
Speaker 5 (07:15):
You've got the slides, you've got to answer the questions.
Speaker 2 (07:18):
At the end, there's a quiz.
Speaker 3 (07:20):
What do you feel is the best way for that
to happen internally for a business?
Speaker 5 (07:24):
Like, is there a way that we can judge that
up make.
Speaker 2 (07:27):
It more exciting?
Speaker 4 (07:28):
It's difficult to make exciting. Let's face it. Those training
videos that Microsoft push out there over the animated people,
they're super boring. Yeah, training is truly important. Your people
your biggest strength and your biggest weakness.
Speaker 2 (07:43):
There's very little.
Speaker 4 (07:44):
Way to make it exciting. You could make it exciting
by testing people. I mean, we run a constant exercises
internally with our clients where we trying.
Speaker 2 (07:53):
And send them, you know, fake emails.
Speaker 4 (07:55):
With download links, with some text messages or some of
the voicemails and I'll hold up my hand I forfouled
them often enough to get a slap on the wrist occasionally.
But it's it's the constant repetition and there's a certain
degree it's going to annoy some of your staff, but
it's crucial. You know, there are so many threat factors
out there that you have to train your staff, retrain
(08:17):
and incentivize them to do it.
Speaker 2 (08:19):
I'm not suggesting stick.
Speaker 4 (08:20):
I mean, I've been slapped a few times for clicking
on the wrong link, but you know, you've got to
incentivize them and make it a key objective and mandatory
for your staff to undertake the training, repetitive training. Unfortunately,
there's no sexy way to do it. There's no way
to make it interesting. It is just constant testing.
Speaker 5 (08:38):
Yeah, I mean, I was hoping for some goal from you.
Speaker 2 (08:42):
There. The one of the good things, well, what.
Speaker 3 (08:46):
I find fun at our work is they will send
them these tests, emails or whatever it may be, and
then if you report it correctly, like it cheerily, you've
done the correct thing.
Speaker 2 (08:56):
I've won.
Speaker 3 (08:57):
I've been the system. So that's probably the only fun
thing that we did that's true.
Speaker 2 (09:02):
I mean there's something I didn't cover that.
Speaker 4 (09:04):
Yes, it's great people can identify something that's trying to
fall them into clicking on the wrong link, But if
they don't report it to you as a security team
or you're as an IT team, if it's not a
training exercise, you won't know what's happening.
Speaker 2 (09:18):
And that's incredible. So that's probably one of the most
important things.
Speaker 4 (09:21):
You can do, is not only train your people, would
train them to report anything that's suspicious. You're better off
having a lot more false positives than you are than
be more downloading something dodgy.
Speaker 3 (09:31):
That's a good point, right, Let's move on to the future.
So future trends. So we've spoken about what threats have
happened in the past, What do you foresee happening in
the future.
Speaker 2 (09:43):
What does this look like?
Speaker 3 (09:44):
And you just mentioned one with the big point going
into online, I mean potentially going into online.
Speaker 5 (09:50):
What do you think that is going to be the future,
and how do we start.
Speaker 2 (09:54):
To appear for this?
Speaker 4 (09:57):
Okay, if I knew the true answer, it's either because
I'm generating the threats myself or.
Speaker 2 (10:03):
I've got a new suber great product and I'm going
to launch my own business.
Speaker 4 (10:06):
And at the moment, all we know is it's just
going to be more of the same, but with increased frequency.
Now I mentioned AI earlier. The programs out there are
like chat, GBT and some of the other ones they've launched.
They are not a direct threat. But what they've allowed
bad actors or the bad whatever you want to call them,
(10:28):
they've allowed them to ten or twenty x the amount
of targets they can target because for experiment purposes, you
can say, hey, Google, Gemini, write me a script to
target Live score with the Delos attacking and well do it.
Speaker 2 (10:40):
So that applitude, We're going to see more and more of.
Speaker 4 (10:43):
The same, which means we have to adopt similar but
different technologies to counteract it. So it's unfortunately going to
be more of the same, and getting the right technology
and partners to counteract it is going to be crucial
and fundamentally, there's a reason why a lot of these
things called zero dat runerabilities because nobody knows about them.
(11:03):
You've just got to have your process is nailed down,
have your people.
Speaker 2 (11:07):
Trained, and do the best you can.
Speaker 4 (11:10):
And the one last thing is, you know everyone loves
a pull to action, is we've got to be more
honest in sharing information amongst ourselves.
Speaker 2 (11:20):
As an industry.
Speaker 4 (11:21):
You know, we've got plenty of examples of people receiving
demands for ransom, you know, giving me five bit point
or I'll take your platform down. Now, there's plenty of
information within these ransoms that can be correlated to identify
the groups that are doing it.
Speaker 2 (11:36):
Until we start sharing more of.
Speaker 4 (11:39):
This information as an industry, we're all going to be
more at risk. So that's one of the things so
ignoring the threat lands agay. One of the best things
we can do right now is more open sharing. I'm
not talking about publishing it online, but more collaboration between
your information security offices at various other companies would be
a huge benefit to the industry. And you know, if
(11:59):
I'm allowed one of the plug we have a threat exchange,
which is a not a sales tool, it's a private
Slack channel that contains chief information security obviously and setops
from the number of brick brands. And the whole thing
is it's no reporting, closed doors sharing intelligence out there.
Speaker 2 (12:16):
We're not asking for trade, so you becus.
Speaker 4 (12:18):
We're just saying that you detecting an attack against one
of your platforms contains so much information that could be.
Speaker 2 (12:24):
Helpful to everyone else in the industry. We've all got
to target on our back.
Speaker 4 (12:28):
So the call to action is let's collaborate, let's share,
and we'll make it better for everyone.
Speaker 3 (12:34):
And I was just about to ask you that as well,
Like the first steps for us to be able to
do that, there's a great first step.
Speaker 5 (12:40):
What would happen? So for everyone who's.
Speaker 3 (12:42):
In this room at the moment, who might be thinking
it's a great idea, I want to jump aboard what
happens then? So if they join up that information, how
do they benefit from that from just giving that information
of what's happened to then their personal experience, what do
they get from that as well?
Speaker 5 (12:57):
Like what can they take away?
Speaker 4 (12:59):
So one of those important things around intelligence gathering is
it gives you the patterns, so you know, the way
we detect cybersecurity indidences around patterns. Have we seen this before?
Has this affected somebody else? Has it been targeted to out?
So if it's something new, the quicker, we can update
our platforms to all the other cybersecurity platforms can update.
Speaker 2 (13:20):
The better protected every well being. And it's sometimes seeding
down to simple things.
Speaker 4 (13:24):
You know, we've detected a credential stuffing attack against our
platform from this particular IP address in the Philippines. If
you notify that around everyone, everyone can be aware and
block that one.
Speaker 2 (13:36):
You know, it's simple, simple steps like that.
Speaker 5 (13:39):
Yeah, we should save a lot of time, a lot
of money.
Speaker 2 (13:42):
Yeah, it's one of the things.
Speaker 3 (13:44):
You know.
Speaker 4 (13:44):
We're all competitors, but we're all in this together as well.
You know, at a certain point in time.
Speaker 2 (13:48):
We have to help each other out. I definitely know that.
Speaker 5 (13:52):
All right, mate, Now time is up.
Speaker 2 (13:54):
We've made it.
Speaker 3 (13:55):
With a minute of spare. Thank you very much for joining.
Really appreciate it.
Speaker 5 (13:59):
I shall hand.
Speaker 2 (14:01):
Thank you very much. We've got time for a couple
of questions. Yes, we're just waiting for this right If
you can give us.
Speaker 1 (14:10):
Just one sectors of micro unner coming so we can
all hear your question, please and thank you.
Speaker 2 (14:15):
It's all longer. You mentioned the Philippines there, and we've
been running a lot.
Speaker 6 (14:20):
Of stories on casinos dot com on some of the
big busts and the side of criminals.
Speaker 2 (14:25):
North Korea, obviously, China.
Speaker 6 (14:27):
Russia are seen as some of the geolocations of the
main flat Do you identify those kinds? Have you got
a sort of a red set of alert for certain
areas of the world that you can potentially get more
from and then use IP IP blocking and all sorts
of things tools to mitigate that.
Speaker 4 (14:46):
Yeah, It's one of the simplest things you can do
to protecular systems is if you are an operator targeted
on the Dutch market and you're only ever going to
take bets from Dutch citizens, why do you have traffic
coming in from China, the Philippines, even the US. Just
block of that traffic and drop It's one of the
simplest things you can do. And identifying what your traffic.
Speaker 2 (15:07):
Normally looks like is crucial.
Speaker 4 (15:08):
So do you know where your players are, what platforms
they come through, And simplest thing you can do is
just drop everything else, you know, don't even let them
get into your system. So yeah, an identification is a
key thing and it's one of the things we do
on our platforms.
Speaker 2 (15:22):
And all the other it ps do. It's readily available
data and it's a simple thing to do. Thank you.
Speaker 1 (15:30):
Any other questions lots of juicy nuggets from this panel,
including your data is worthless. But you know, keeping your
eye on how to potentially what threats are there to
potentially disable you from operating is a thing to get
So we would like to please welcome to the stage.
David and Josh's.
Speaker 2 (00:10):
Emotion we can get and how happy we are. And
we've had.
Speaker 3 (00:13):
Previous providers that we're willing to do dinners with and
we get to that level everything, No, it's just.
Speaker 2 (00:20):
Not worth a risk.
Speaker 4 (00:21):
Yeah, And one of the things around that is you
can make the request of your suppliers, but are they
actually actually and are they following through a bit? I mean,
one of the things we discussed is visibility. You can
buy the best technology in the world. That technology can
alert you to every single thing that's happening. Somebody is
trying to help you. One of your users is trying
to download an Apple. It's not verified. But if nobody's
(00:44):
looking at these alerts, these events twenty four by seven,
then you could have whole periods of time where your
system's been compromised and you don't know about it. And
that kind of visibility is a crucial thing that but
technology in the world can't protect you from nobody looking
at it.
Speaker 3 (01:00):
Very true, and I think an easy early telltale sign
is when you ask for information. If they're not willing
to give you information, there's your first red flag.
Speaker 4 (01:10):
That's very true, very true, And that's focuses for everything,
not just cybersecurity as well.
Speaker 2 (01:15):
The compliance is a big things.
Speaker 3 (01:16):
About Yeah, yeah, one d percent perfect, all right, the
mate that's on, move to the next one.
Speaker 5 (01:22):
So now we've learned about that.
Speaker 3 (01:23):
The critical steps should have an operator take to minimize
these damages, especially directly after a breach, and then how
should they be communicated to like stake called as customers,
et cetera.
Speaker 4 (01:36):
Yeah, I mean, this is a massively extensive topic and
it comes down to understanding two things. Your obligation to
your customers and your obligation externally to your.
Speaker 2 (01:47):
Licensees and for people who grant you access into the market.
Speaker 4 (01:52):
So it's something that has to be planned so far
ahead at the time it's unreal. I mean one of
the things, you know, we're a technology company, so if
you ask our salespeople, they're so you're the best technology
in the world. But fundamentally there's three key things. There's
your people, your processes, and your technology. Technology is the
last thing. So the process is one of the things
(02:14):
we spend the most of our time doing. So it's
having do you have a run book for what happens
if what happens if somebody downloads the wrong app. What
happens if you get a data breach and it's keeping
that updated, it's running exercises, it's having a full campaign
and you can call them the tabletop exercise, a war
room and not just testing the systems, but running through Okay,
(02:38):
we've detected an event.
Speaker 2 (02:39):
Who do I escalate it to? Who do I notify internally?
Speaker 4 (02:42):
And then the worst wit is if you're a multi stage,
multi jurisdiction company, you have to map that out for
every single jurisdiction you operate in. And you know that
is one of the most time continuing, one of the
most important exercises you can undertake valuable, super valuable, and
the other The thing is, at a certain point in time,
you have to seek external expertise, be it for a
(03:05):
PR company to manage your messaging out to your users,
out to your partners. You know there are specialist companies
out there who are dedicated in crisis response, and it's
it's a decision that you know, do you try to
in the house that or it's one of those things
where it's probably worth.
Speaker 2 (03:21):
Outsourcing to especialist company will do something. Somebody on retain.
Speaker 3 (03:25):
And then would you say, in the work that you've
done in the past, if you come across like some
businesses who are brilliant playbooks and there set up so
well in this area that you could probably take elsewhere,
or even you could set up ever better.
Speaker 4 (03:41):
We have a couple of clients who that's the case,
and they tend to be ones that operate in verticals
outside of gaming as well as gaming. So if they
operate in a retail market, or if they have a
finance arm or some kind of fintech arm, they will
have some fairly heavy and some well rehearsed wrong books
and playbooks.
Speaker 2 (03:58):
Because nis is possible way gaining.
Speaker 4 (04:01):
Yes, there's a lot of regulation, but very little of
the regulation focuses on any kind of cybersecurity or cybersecurity
in some response, if you look outside of our industry,
there are massive requirements that.
Speaker 2 (04:14):
You know, we don't always mean as an industry.
Speaker 4 (04:16):
You read a lot of the technical rags around what
you should do and should as the word.
Speaker 2 (04:21):
You read some of the rugs and it says you
should ensure this is secure.
Speaker 4 (04:24):
Now that's not telling you anything. I'm not suggesting more regulation.
You will all pound me out the room if I
suggest more regulation. But there's well established frameworks for how
you should operate out there.
Speaker 2 (04:36):
There's ISO frameworks, there's this frameworks, and.
Speaker 4 (04:40):
The important thing is it gives you a guideline of
how you should structure a business when it comes to
not only the technology, but the process is the run books,
the notifications and all that kind of thing. We're not
telling people to reinvent the wheel here with just saying
there are standards out there. At some point in time,
they're going to come into our industry, and they should come.
Speaker 2 (04:58):
Into our industry by our own volition. We should work
and strive towards them before we're forced to do them.
If you want to operate in this market or that.
Speaker 3 (05:06):
Market, very true, and then you need to tell them
for your business as well.
Speaker 5 (05:12):
What works online is.
Speaker 2 (05:13):
Not going to work for yours, etc.
Speaker 4 (05:14):
Yeah that's true. You need to tail them and tailor them.
But also you may come to a situation where it's
not worth the price of entry into that market at
that particular time for years of line. If you know
you're trying to launch something and the requirements are two owners,
maybe it's not the time to go there.
Speaker 2 (05:29):
An unpopular opinion.
Speaker 4 (05:30):
But you know you're going to get found out at
a certain point in time, and yeah, you'd.
Speaker 5 (05:36):
Rather find out sooner around the moment.
Speaker 2 (05:37):
It's much more easier to do as a business that way.
That's true.
Speaker 4 (05:42):
And one of the things you know, I didn't cover
it earlier, but historically when you're looking at cyber attacks,
it's always been about data breaches. Somebody is going to
get your client data, try and ransom it or sell
it on the internet. It's reached the point now where
there's been so many large data breaches. There's one every
single day you read about in the news. The nicest
(06:03):
possible work. Your personal data is almost worthless at this
point in time. The big risk for you as an
organization and you as a company is somebody taking your
ability to operate away. So we're not talking about stealing
your data. We're trying to sell it. We're going to
say we'll get into your systems and we'll just lock
you out of it.
Speaker 2 (06:21):
If we lock.
Speaker 4 (06:21):
Access to your platform or lock amasis to your calm
or any of your systems, that's the big risk you.
Speaker 2 (06:28):
Ransomware as a hot topic, and that's what's happened.
Speaker 4 (06:30):
To a number of big names recently, and you know
there are you know, we have a number of people
in our security team who monitor sort.
Speaker 2 (06:40):
Forums and stuff that shall not be named.
Speaker 4 (06:42):
But there's active recruitment campaigns out there where they're incentiveting
mostly land based casinos at the moment, but staff there
to basically allow them to compromise in exchange for a
big forum. So active recruiting campaign currently targeted a land
based but they're going to come after lot online at
some point in time.
Speaker 6 (07:00):
Yeah.
Speaker 5 (07:00):
Wow. So while we are on prevention, let's talk about
moving into our business and training. What's the best way?
Speaker 2 (07:09):
And I would assume everyone in here has been through
the standard. You've got to do a course or are training.
Speaker 5 (07:15):
You've got the slides, you've got to answer the questions.
Speaker 2 (07:18):
At the end, there's a quiz.
Speaker 3 (07:20):
What do you feel is the best way for that
to happen internally for a business?
Speaker 5 (07:24):
Like, is there a way that we can judge that
up make.
Speaker 2 (07:27):
It more exciting?
Speaker 4 (07:28):
It's difficult to make exciting. Let's face it. Those training
videos that Microsoft push out there over the animated people,
they're super boring. Yeah, training is truly important. Your people
your biggest strength and your biggest weakness.
Speaker 2 (07:43):
There's very little.
Speaker 4 (07:44):
Way to make it exciting. You could make it exciting
by testing people. I mean, we run a constant exercises
internally with our clients where we trying.
Speaker 2 (07:53):
And send them, you know, fake emails.
Speaker 4 (07:55):
With download links, with some text messages or some of
the voicemails and I'll hold up my hand I forfouled
them often enough to get a slap on the wrist occasionally.
But it's it's the constant repetition and there's a certain
degree it's going to annoy some of your staff, but
it's crucial. You know, there are so many threat factors
out there that you have to train your staff, retrain
(08:17):
and incentivize them to do it.
Speaker 2 (08:19):
I'm not suggesting stick.
Speaker 4 (08:20):
I mean, I've been slapped a few times for clicking
on the wrong link, but you know, you've got to
incentivize them and make it a key objective and mandatory
for your staff to undertake the training, repetitive training. Unfortunately,
there's no sexy way to do it. There's no way
to make it interesting. It is just constant testing.
Speaker 5 (08:38):
Yeah, I mean, I was hoping for some goal from you.
Speaker 2 (08:42):
There. The one of the good things, well, what.
Speaker 3 (08:46):
I find fun at our work is they will send
them these tests, emails or whatever it may be, and
then if you report it correctly, like it cheerily, you've
done the correct thing.
Speaker 2 (08:56):
I've won.
Speaker 3 (08:57):
I've been the system. So that's probably the only fun
thing that we did that's true.
Speaker 2 (09:02):
I mean there's something I didn't cover that.
Speaker 4 (09:04):
Yes, it's great people can identify something that's trying to
fall them into clicking on the wrong link, But if
they don't report it to you as a security team
or you're as an IT team, if it's not a
training exercise, you won't know what's happening.
Speaker 2 (09:18):
And that's incredible. So that's probably one of the most
important things.
Speaker 4 (09:21):
You can do, is not only train your people, would
train them to report anything that's suspicious. You're better off
having a lot more false positives than you are than
be more downloading something dodgy.
Speaker 3 (09:31):
That's a good point, right, Let's move on to the future.
So future trends. So we've spoken about what threats have
happened in the past, What do you foresee happening in
the future.
Speaker 2 (09:43):
What does this look like?
Speaker 3 (09:44):
And you just mentioned one with the big point going
into online, I mean potentially going into online.
Speaker 5 (09:50):
What do you think that is going to be the future,
and how do we start.
Speaker 2 (09:54):
To appear for this?
Speaker 4 (09:57):
Okay, if I knew the true answer, it's either because
I'm generating the threats myself or.
Speaker 2 (10:03):
I've got a new suber great product and I'm going
to launch my own business.
Speaker 4 (10:06):
And at the moment, all we know is it's just
going to be more of the same, but with increased frequency.
Now I mentioned AI earlier. The programs out there are
like chat, GBT and some of the other ones they've launched.
They are not a direct threat. But what they've allowed
bad actors or the bad whatever you want to call them,
(10:28):
they've allowed them to ten or twenty x the amount
of targets they can target because for experiment purposes, you
can say, hey, Google, Gemini, write me a script to
target Live score with the Delos attacking and well do it.
Speaker 2 (10:40):
So that applitude, We're going to see more and more of.
Speaker 4 (10:43):
The same, which means we have to adopt similar but
different technologies to counteract it. So it's unfortunately going to
be more of the same, and getting the right technology
and partners to counteract it is going to be crucial
and fundamentally, there's a reason why a lot of these
things called zero dat runerabilities because nobody knows about them.
(11:03):
You've just got to have your process is nailed down,
have your people.
Speaker 2 (11:07):
Trained, and do the best you can.
Speaker 4 (11:10):
And the one last thing is, you know everyone loves
a pull to action, is we've got to be more
honest in sharing information amongst ourselves.
Speaker 2 (11:20):
As an industry.
Speaker 4 (11:21):
You know, we've got plenty of examples of people receiving
demands for ransom, you know, giving me five bit point
or I'll take your platform down. Now, there's plenty of
information within these ransoms that can be correlated to identify
the groups that are doing it.
Speaker 2 (11:36):
Until we start sharing more of.
Speaker 4 (11:39):
This information as an industry, we're all going to be
more at risk. So that's one of the things so
ignoring the threat lands agay. One of the best things
we can do right now is more open sharing. I'm
not talking about publishing it online, but more collaboration between
your information security offices at various other companies would be
a huge benefit to the industry. And you know, if
(11:59):
I'm allowed one of the plug we have a threat exchange,
which is a not a sales tool, it's a private
Slack channel that contains chief information security obviously and setops
from the number of brick brands. And the whole thing
is it's no reporting, closed doors sharing intelligence out there.
Speaker 2 (12:16):
We're not asking for trade, so you becus.
Speaker 4 (12:18):
We're just saying that you detecting an attack against one
of your platforms contains so much information that could be.
Speaker 2 (12:24):
Helpful to everyone else in the industry. We've all got
to target on our back.
Speaker 4 (12:28):
So the call to action is let's collaborate, let's share,
and we'll make it better for everyone.
Speaker 3 (12:34):
And I was just about to ask you that as well,
Like the first steps for us to be able to
do that, there's a great first step.
Speaker 5 (12:40):
What would happen? So for everyone who's.
Speaker 3 (12:42):
In this room at the moment, who might be thinking
it's a great idea, I want to jump aboard what
happens then? So if they join up that information, how
do they benefit from that from just giving that information
of what's happened to then their personal experience, what do
they get from that as well?
Speaker 5 (12:57):
Like what can they take away?
Speaker 4 (12:59):
So one of those important things around intelligence gathering is
it gives you the patterns, so you know, the way
we detect cybersecurity indidences around patterns. Have we seen this before?
Has this affected somebody else? Has it been targeted to out?
So if it's something new, the quicker, we can update
our platforms to all the other cybersecurity platforms can update.
Speaker 2 (13:20):
The better protected every well being. And it's sometimes seeding
down to simple things.
Speaker 4 (13:24):
You know, we've detected a credential stuffing attack against our
platform from this particular IP address in the Philippines. If
you notify that around everyone, everyone can be aware and
block that one.
Speaker 2 (13:36):
You know, it's simple, simple steps like that.
Speaker 5 (13:39):
Yeah, we should save a lot of time, a lot
of money.
Speaker 2 (13:42):
Yeah, it's one of the things.
Speaker 3 (13:44):
You know.
Speaker 4 (13:44):
We're all competitors, but we're all in this together as well.
You know, at a certain point in time.
Speaker 2 (13:48):
We have to help each other out. I definitely know that.
Speaker 5 (13:52):
All right, mate, Now time is up.
Speaker 2 (13:54):
We've made it.
Speaker 3 (13:55):
With a minute of spare. Thank you very much for joining.
Really appreciate it.
Speaker 5 (13:59):
I shall hand.
Speaker 2 (14:01):
Thank you very much. We've got time for a couple
of questions. Yes, we're just waiting for this right If
you can give us.
Speaker 1 (14:10):
Just one sectors of micro unner coming so we can
all hear your question, please and thank you.
Speaker 2 (14:15):
It's all longer. You mentioned the Philippines there, and we've
been running a lot.
Speaker 6 (14:20):
Of stories on casinos dot com on some of the
big busts and the side of criminals.
Speaker 2 (14:25):
North Korea, obviously, China.
Speaker 6 (14:27):
Russia are seen as some of the geolocations of the
main flat Do you identify those kinds? Have you got
a sort of a red set of alert for certain
areas of the world that you can potentially get more
from and then use IP IP blocking and all sorts
of things tools to mitigate that.
Speaker 4 (14:46):
Yeah, It's one of the simplest things you can do
to protecular systems is if you are an operator targeted
on the Dutch market and you're only ever going to
take bets from Dutch citizens, why do you have traffic
coming in from China, the Philippines, even the US. Just
block of that traffic and drop It's one of the
simplest things you can do. And identifying what your traffic.
Speaker 2 (15:07):
Normally looks like is crucial.
Speaker 4 (15:08):
So do you know where your players are, what platforms
they come through, And simplest thing you can do is
just drop everything else, you know, don't even let them
get into your system. So yeah, an identification is a
key thing and it's one of the things we do
on our platforms.
Speaker 2 (15:22):
And all the other it ps do. It's readily available
data and it's a simple thing to do. Thank you.
Speaker 1 (15:30):
Any other questions lots of juicy nuggets from this panel,
including your data is worthless. But you know, keeping your
eye on how to potentially what threats are there to
potentially disable you from operating is a thing to get
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com
CrimeLess: Hillbilly Heist
It’s 1996 in rural North Carolina, and an oddball crew makes history when they pull off America’s third largest cash heist. But it’s all downhill from there. Join host Johnny Knoxville as he unspools a wild and woolly tale about a group of regular ‘ol folks who risked it all for a chance at a better life. CrimeLess: Hillbilly Heist answers the question: what would you do with 17.3 million dollars? The answer includes diamond rings, mansions, velvet Elvis paintings, plus a run for the border, murder-for-hire-plots, and FBI busts.