Cyber-security adaptations in a Covid-19 world

Across the world, we are seeing businesses shift their operations to be able to support remote working in the new Covid-19 reality. How successful companies have been in transitioning to this new model has been critical in navigating these difficult times.

However, this transition has led to all technology focused companies, including betting operators, to be more exposed to cyber-security threats.

To support remote working, IT systems are focusing on opening-up to allow employees fast and seamless access. From a security perspective, it means services with a high business impact are more exposed to all employees or, sometimes, to the public internet.

The area that businesses are most vulnerable in is data confidentiality. Even if you have a vast amount of DLP (data leakage prevention) controls in place, it is impossible to guarantee 100% secrecy. Employees’ presence in the office defines ethics limitations and policy obligations, whereas at home these can’t be enforced and monitored to the same degree.

Operators which are most at risk are those that lack their own IT equipment for employees to work remotely, which requires them to grant access for employees’ personal computers. This brings large scale risk as uncontrolled personal devices can bring threats with malware and viruses.

Companies that have access to personal devices and services exposed to the public internet will be particularly vulnerable to security threats. Figures show that Remote Desktop Protocol (RDP) and Virtual Private Network (VPN) are up by 40% and 33% respectively across the world since the beginning of the pandemic.

In terms of external threats, there has been a rise in phishing campaigns centred around the pandemic and trying to exploit unprotected end-user devices. These criminals often target the most publicly critical platforms or those who will be most impacted by cyber-security threats.

I expect to see a rise of ‘distributed denial of services’ (DDoS) attacks where cyber criminals disable the remote services software that we have become so dependent on and blackmail us. Also, we can expect to see more attacks from within third-party software as the toolkits we are using for our communications extend and brings new attack vectors.

The betting industry has more legacy services and applications than other technology sectors, which makes it more vulnerable to attacks.  It is crucial that all companies reconsider proper access security for all applications, completely revising cyber-security plans from a remote work perspective and re-evaluating different risk threats.

It is particularly important to add extra verification to your remote services by adopting multi-factor authentication (MFA) for remote access and to focus on its resilience against DDoS attacks.  Finally, I would recommend re-educating employees about security awareness by reminding them of best practices to help protect themselves and the business.

At Parimatch we have basically followed this step-by-step guidance. It ended up with us re-prioritising some planned cyber-security activities where we believe the threat has now increased. We updated passwords to keep employees focused on security and revised access control lists (ACLs). We are also planning to extend employee awareness security programmes with gamification, a new product and focus for the business.

Parimatch develops its own software platform, which means we can solve any security risks quickly. Those who use third-party solutions for their software need to ensure heightened cyber-security is prioritised in this new reality. There is a lot for operators to be concerned about during this crisis but it is not the time to let our guard down to cyber threats.

 Andrey Chigarkin is Parimatch’s chief information officer, responsible for all IT operations. He joined Parimatch over three years ago as chief information security officer where he developed and implemented Parimatch’s cyber-security strategy.