Four questions for a casino InfoSec director

Recent cyberattacks at MGM Resorts and Caesars Entertainment have put the spotlight on cybersecurity practices at casinos – and the importance of educating employees on social engineering tactics.

With the CSO50 Conference + Awards coming to the We-Ko-Pa Casino Resort in Fort McDowell, Arizona, October 2-4, we asked Bill Tsoukatos, Information Technology Director at Fort McDowell Enterprises, which owns the resort, to tell us what it’s like to manage IT security at a casino property. Read on for his thoughts on AI, zero trust, and more.

How has the job of a casino security leader changed as games have become digitalized?

Interconnectivity of gaming systems have physically transitioned from serial-based connectivity to Ethernet-based standards over the years, allowing potential hackers easier access to the gaming and/or corporate network. Physical security of the Ethernet/fiber cabling, along with the switch hardware interconnecting today’s casino floors, has become a much bigger focus of IT security teams as direct physical access can often be the starting point for unauthorized access. At the same time, gaming systems have become built around large player databases requiring layers of network and application security to prevent data breaches or loss.

What’s on your data dashboard as the most important metrics?

From an IT security perspective, dashboards of the past were traditionally used to indicate metrics like system status (i.e., online, offline) or uptime; however, the most important metrics today are those that indicate abnormal trends or indications of compromise. Today’s networks are often evaluated for baseline trends and performance, typical traffic patterns and flows, and similar metrics defining “normal” behavior. IT security teams want to be notified of any abnormal behavior to evaluate and potentially mitigate any potential threats or attacks as quickly as possible.