Information security in the modern betting industry

Core Betting platform and information security #

When talking about informational security in the betting business, consider using a reliable SaaS betting platform that handles most of the security complexity for you, instead of doing all the heavy lifting yourself. NSoft got you covered here.

by Nikola Rakić, CTO at NSoft

NSoft is an international software company providing business solutions for the betting and gaming industry. Working with 300 people in a dynamic working environment presents various information security challenges. Recent changes in the way businesses operate in the light of pandemics and working remotely have additionally exacerbated these challenges. Being able to maintain a high level of security hygiene and to provide employees with proper tooling, education and training are of critical importance.

Our Betting platform operates on several different channels: both on-site (bet shops/terminal) and online (mobile/web) and consists of a large number of different microservices that run on heterogeneous infrastructure. All these layers can introduce potential security risks that must be properly addressed.

On top of all this, our client base is continuously growing and with that comes an even larger number of end-users which only adds to the overall complexity of our systems.

Security concerns in modern business #

Security breaches and data theft are omnipresent in today's world. In general, there are a number of different threats that may occur. These range from remote code execution, ransomware, malware and phishing attacks to DDoS and they pose a great threat to modern-day businesses.

Increasing awareness towards information security along with the implementation of proper tooling and procedures as well as timely planning have proven to be crucial.

The recent cybersecurity reports state that:

• Over 90% of information security breaches are caused by human error (according to Cybint),
• More than 80% of organizations worldwide have experienced spear phishing attempts in the past several years (according to Proofpoint),
• Over 85% of reported breaches have been financially motivated (according to Verizon),
• 45% of breaches featured hacking, 17% involved malware and 22% involved phishing (according to Verizon),
• The average cost of a data breach is $3.86 million as of 2020 (according to IBM),
• The average time to identify a breach in 2020 was 207 days (according to IBM).

Betting industry specifics #

The betting industry with its online presence is no exception to other types of businesses regarding information security risks involved. It is similar to the financial sector in the way that it too deals with vast amounts of money transactions and holds end user’s PII. The implications of potential security breaches should be obvious.

Internal and external security risk factors

It is of the utmost importance for us to keep our systems safe from both internal and external risk factors. This means protecting our data both in transit and at rest and also having reliable backup mechanisms and robust disaster recovery plans. In addition, security policies that include regular secret rotation, adhering to the principle of least privilege, proper encryption of data and similar are put in place.

Identifying the overall attack surface where potential unauthorized access could be attempted and keeping it as small as possible is one of the greatest challenges that we face today. Due to remote work policies that were introduced in the past period and the fact that we do a significant portion of our business over the online channels we have to be even more aware of the potential threats.

Fraud detection

An important aspect of our industry in regards to security is also fraud detection. This is something that we have to pay special attention to since we’re dealing with money transactions on a daily basis. Monitoring and alerting for specific events that may signal possible fraud attempts and then investigating further for false positives gives us the opportunity to react in a timely manner.

Network segmentation and clear access rights

Keeping our networks as safe as possible from external threats is another important aspect. In order to reduce the possibility of unauthorized access all of our systems can only be accessed via VPN. Our internal network is segmented in a way that only the privileged users can access needed resources.

Employing different strategies and tooling such as intrusion detection systems, security event management, periodic pentesting, using end-to-end encryption and zero-trust policy based systems for sharing information helps us have better visibility and observability of our systems as well as keeping our information as safe as possible.

Conclusion

Either you are a medium to large business or just starting your journey as an entrepreneur, you must take security into account and set it right from the beginning. Whether it is the physical security of your SSBT device or bet shop or the security of your online website, you will need to consider different security implications.

Instead of doing all the hard lifting yourself, consider using a reliable SaaS betting platform that handles most of the information security complexity for you. NSoft got you covered here. This way you can focus on what matters the most - your business.

Tags: