Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity Leadership and ManagementLogical SecuritySecurity & Business ResilienceHospitality & Casinos

How the cybersecurity threat landscape has changed and evolved in casinos

By Stephanie Benoit-Kurtz
Casino machine
November 4, 2021

With the exponential growth in the casino industry for on-ground and online betting, the industry has become a target for bad actors. According to Technavio’s latest U.S. market research, the industry is estimated to grow by $11.42 billion between 2021 and 2025. With billions of dollars at stake, bad actors are looking for any way to monetize attacks on casino gaming organizations. From ransom-related distributed denial of service attacks (RDDoS) to the exfiltration of customer data, casino operators must constantly be vigilant in protecting systems and data.

The threat landscape over the past 18 months has significantly changed in complexity and frequency of attacks. Long gone are the days when a lone wolf attacker was manually knocking at the door. Threats range from nation-state attacks to attacks as a service, in which very organized and sophisticated teams use automated tools and bots to scour networks, looking for a way to hack in through a variety of methods that range from social engineering and email to brute force attacks on the network. Organizations are getting hit millions of times a day, and all it takes is one careless user or unpatched vulnerability to start the cascading events of a ransomware attack or the exfiltration of customer data that can later be monetized either through a ransom threat or on the dark web.

These challenges become more complicated as the technology surrounding the industry has changed. Ten years ago, on-premises operations were the norm, but now threats are sprawled across the internet in gaming, block-chain-based games, online sports betting, mobile payments and mobile games. This complicated mix of on-premises and cloud environments that third-party organizations often provide has created vulnerabilities at every corner. Although there is little published data on casino breaches, they are happening. One of the most famous breaches was a Las Vegas organization whose player tracking database was exfiltrated off the trusted network through an IoT thermometer in a fish tank back in 2018. Since then, the frequency and scope of cyberattacks have significantly increased. From MGM in Las Vegas to Lucky Star in Oklahoma, casino systems are being breached and data is being exfiltrated and locked down with ransomware, leaving organizations unable to operate until significant efforts in system restoration have taken place.

The evolution of the environment and attack strategies used is rapidly changing over time. Ransomware, distributed denial of service attacks with a ransom attached, and theft of customer data continue to lead the types of attacks. Hackers can monetize player tracking databases quickly due to the quality of the personal data contained in those records. Casinos face loss of reputation and customer confidence if the data they collect somehow ends up on the dark web. This can have a considerable impact on organizations, ranging from loss of revenue to decreased shareholder value. The erosion of customer trust can take years to rebuild and cost organizations millions of dollars in lost revenue. 

According to Forbes, the casino industry revenue will surpass the $44B mark in 2021. Why wouldn’t the casino industry draw the attention of bad actors? It is not a matter of if the organization will eventually be hit; it is only a matter of when. The only difference between one organization and another is how prepared the organization is for an attack and how long it takes to respond to the incident once the cards are dealt. Organizations with strong, layered defense strategies that practice incident response plans, understand their third-party risk and conduct disaster recovery simulations throughout the year have a much higher chance of success in the business resumption process. Those casinos who fail to prepare a solid cybersecurity incident response plan roll the dice and take the chance that weeks of downtime could be a reality in the future. Just ask those organizations who have had to post signs like “Computer Systems are Down. Cash Only” what it was like after being down for several weeks.

With millions of dollars on the line, the casino industry is a target, and the threat landscape continues to grow. The real question is, how will the industry continue to respond to the changing threats?

This article originally ran in Today’s Cybersecurity Leader, a monthly cybersecurity-focused eNewsletter for security end users, brought to you by Security magazine. Subscribe here.

KEYWORDS: casino security cyber attack losses cyber security threat data breach costs emergency response incident recovery ransomware

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Stephanie benoit kurtz%5b1%5d

Stephanie Benoit-Kurtz is lead Area Faculty Chair for Cybersecurity Programs at the University of Phoenix Las Vegas Campus and Principal Security Consultant at Trace3.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Top Cybersecurity Leaders
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Logical Security
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Logical Security
    By: Charles Denyer
Subscribe For Free!
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Pills spilled

More than 20,000 sensitive medical records exposed

Laptop in darkness

Verizon 2025 Data Breach Investigations Report shows rise in cyberattacks

Computer with binary code hovering nearby

Cyberattacks Targeting US Increased by 136%

White post office truck

Department of Labor Sues USPS Over Texas Whistleblower Termination

Internal computer parts

Critical Software Vulnerabilities Rose 37% in 2024

2025 Security Benchmark banner

Events

September 29, 2025

Global Security Exchange (GSX)

 

November 17, 2025

SECURITY 500 Conference

This event is designed to provide security executives, government officials and leaders of industry with vital information on how to elevate their programs while allowing attendees to share their strategies and solutions with other security industry executives.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cyber laptop freepik

    The pandemonium of the pandemic: How working from home has changed the cybersecurity formula

    See More
  • Security Professional

    How banks elevate security in the modern threat landscape

    See More
  • app security

    How DevOps has changed the way app security works (Part 2)

    See More
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing