The EL/WLA Security Seminar: Challenges on the Horizon – Be Prepared!

Challenges on the Horizon – Be Prepared!” began with the keynote speech describing how there are only two types of organisations: those that have been hacked, and those that will be. The IOT (Internet of Things) will come to represent the Internet of Threats.
gallegoweb

Ramses Gallego, Security Strategist & Evangelist; Past international President, ISACA, Board of Directors.

The joint EL/WLA Security Seminar (Malaga 18 – 20 October), titled “Challenges on the Horizon – Be Prepared!” and graciously hosted by SELAE Spain, was a fabulous success.  A record number of participants from all regions of the world attended and engaged in a highly interactive and productive workshop led by twenty-five experts and leaders in the security field.

The keynote speech by Ramses Gallego (Security Strategist & Evangelist; Past international President, ISACA, Board of Directors) described how there are only two types of organisations: those that have been hacked, and those that will be. The IOT (Internet of Things) will come to represent the Internet of Threats. There is already an average of thirteen enterprise security breaches every day, resulting in roughly 10 million records lost a day—or 420,000 every hour. And that’s now – the IOT future will usher in an explosion in the number of device connections which will create entirely new levels of risk and vulnerability to hacking.

Examples:  Security experts Chris Valasek and Charlie Miller grabbed headlines with their research on the vulnerability of connected cars when they hacked into a Toyota Prius and a Ford Escape using a laptop plugged into the vehicle’s diagnostic port. This allowed them to manipulate the cars headlights, steering, and breaking.  The massive domain name hack that recently disrupted service at major websites like Netflix, Amazon, Twitter, Reddit and others was made possible by poorly protected IOT devices.  Systems need protection against new points of vulnerability and increasingly sophisticated methods of attack.  Thankfully, Mr Gallego’s warnings of dire challenges and potential consequences were presented in a most engaging and entertaining fashion!

thierry-pujol-fdj-lottery

Thierry Pujol, FDJ and Chair of WLA Security and Risk Management Committee.

_acr3621

Bin Han, GM of the Beijing Zhongcai Printing Company.

 

 

 

 

 

 

 

_acr3572

Danielle Van Emmerik, Senior Auditor, Nederlandse Loterij, Nederland Netherlands.

Thierry Pujol, FDJ and Chair of WLA Security and Risk Management Committee outlined the proposed changes for the next version of the WLA Security Control Standard (SCS) which were again discussed at the WLA General Assembly Singapore. These include additions for online, sports betting, electronic draws, and VLT’s.

Danielle Van Emmerik (Senior Auditor, Nederlandse Loterij, Nederland Netherlands), Evangelos Cosmidis (Financial Unit / Procurement & Quality Division Director, OPAP, Greece)  and Declan Murray (Security and Compliance Manager, Premier Lotteries Ireland) shared their experiences with various aspects of the WLA  SCS Certification process. The main theme was to prepare well and keep all colleagues and stakeholders fully informed at all stages of the process. Bin Han, GM of the Beijing Zhongcai Printing Company, described the certification process for a printing company and noted how important it was for their customers to know that they had the WLA SCS Certification.

The presentations on Personal Data Protection included a detailed description by Calvo Medina (IT Area Head of the Spanish Data Protection Authority), Franz-Joseph Wichmann (WestLotto), Johannes Puchinger (Austrian Lottery) and addressed both the big-picture importance of Personal Data Protection and detailed the practical applications of tools to provide such protection.  The speakers agreed that it is both efficient and practical to combine or create synergy between the functions of Privacy and Security.

The Partner/Supplier presentations from INTRALOT, Novomatic, IGT, Playtech and Scientific Games were particularly interesting and should have well reassured the participants that their suppliers were on top of the subject and were already planning systems that are keeping the government-gaming business protected from and ahead of the cyber-criminals of the future.

_acr3850

Manuel Gonzales Barreda, Director Fiscal Adjunto, SELAE, Spain.

_acr3644

Calvo Medina, IT Area Head of the Spanish Data Protection Authority.

 

 

 

 

 

 

 

_acr3585

Evangelos Cosmidis, Financial Unit / Procurement & Quality Division Director, OPAP, Greece.

Jean-Jacques Riera (Mission Head, Information Security, FDJ, France), Maurizio Rubini (Lottomatica, Italy), and Manuel Gonzales Barreda (Director Fiscal Adjunto, SELAE, Spain) presented on anti-money laundering where a “risk-based approach” was praised as a good solution.  These were followed by Antonio Gorrasi on the Italian approach and developments for protection, privacy and cybersecurity in Italy.

Gunnar Ewald (Chief Audit Executive, Vice President, LOTTO Hamburg GmbH) gave his traditional annual review of recent security issues worldwide and there followed some excellent presentations and an animated and robust round-table on “Trust and Assurance – RNG/Electronic Draws” comprised of Lotteries (FDJ, Loterie Romande, SELAE) and Suppliers/Certifiers (GLI, Smartplay, and Szrek2Solutions). Carlos Bachmaier (SELAE) presented a most informative review of existing standards for RNG’s and a comprehensive set of references for relevant articles. These details, together with all the presentations are available online to all of the participants at the Seminar.

The Seminar concluded with a practical hands-on workshop on the European Lottery Risk Tool supported by members of the EL POS Working Group.

Ray Bates, Honorary EL Chair, moderated.

qa190667

Related Articles

View all

Synopsis

Français
Le séminaire EL/WLA sur la sécurité s’est déroulé à Malaga du 18 au 20 octobre.  Le séminaire conjoint EL/WLA sur la sécurité intitulé « Défis à l’horizon ‑ Soyez prêts ! » et gracieusement accueilli par SELAE Espagne, a été un franc succès. Un nombre record de participants de toutes les régions du monde a participé à un atelier hautement interactif et productif conduit par 25 experts et dirigeants dans le domaine de la sécurité. Le discours d’ouverture de Ramses Gallego (stratège en sécurité et évangéliste, ancien président international, ISACA, Conseil d’administration) a décrit les deux types d’organisations : celles qui ont été piratées et celles qui le seront. L’IOT (Internet of Things [Internet des choses]) viendra représenter l’Internet of Threats (Internet des menaces). Il y a déjà en moyenne, chaque jour, 13 failles de sécurité en entreprises, provoquant la perte d’environ 10 millions d’enregistrements par jour ‑ soit 420 000 toutes les heures. Et c’est maintenant ‑ l’avenir de l’IOT marquera le début d’une explosion dans le nombre de connexions qui créera des niveaux jamais atteints de risque et de vulnérabilité au piratage. Thierry Pujol, FDJ et président du Comité de sécurité et de gestion des risques de la WLA a présenté les changements proposés pour la prochaine version du norme de contrôle de sécurité (Security Control Standard, SCS) de la WLA qui a été à nouveau discuté à l’assemblée générale de la WLA à Singapour. Il s’agit notamment d’ajouts pour les paris en ligne, les paris sportifs, les tirages électroniques et les VLT (Video lottery terminals [terminaux de loterie vidéo]). La protection des données personnelles a été abordée généralement ainsi que dans le cadre des applications pratiques des outils permettant de fournir une telle protection. Les intervenants sont convenu qu’il est à la fois efficace et pratique de combiner ou de créer une synergie entre les fonctions de protection des renseignements personnels et de sécurité. Les présentations partenaires/fournisseurs INTRALOT, Novomatic, IGT, Playtech et Scientific Games étaient particulièrement intéressantes et devraient avoir bien assuré aux participants que leurs fournisseurs sont spécialistes du sujet et qu’ils planifient déjà des systèmes qui protègent le secteur de la loterie des cyber-criminels du futur, en maintenant même une longueur d’avance sur eux.
Español
Seminario de seguridad de Loterías Europeas y WLA convocado en Málaga del 18 al 20 de octubre.  El Seminario de seguridad de Loterías Europeas y WLA, titulado “Retos en el horizonte – ¡Esté preparado!” y amablemente organizado por SELAE España fue todo un éxito. Contó con la asistencia de un número récord de participantes de todas partes del mundo, que se implicaron en un taller altamente interactivo y productivo conducido por veinticinco expertos y líderes en el campo de la seguridad. Ramsés Gallego (estratega y gurú de la seguridad, antiguo presidente internacional del comité directivo de ISACA) indicó, en la conferencia inaugural, que solo existen dos tipos de organizaciones: aquellas que han sido hackeadas y aquellas que lo serán en el futuro. El IoT (Internet de las Cosas) llegará a ser el Internet de las Amenazas. Actualmente se producen, de media, unas trece brechas de seguridad empresariales al día que producen, aproximadamente, 10 millones de registros perdidos cada día, o 420 000 cada hora. Y eso es ahora; el futuro Internet de las Cosas supondrá una explosión en cuanto al número de dispositivos conectados, y creará nuevos niveles de riesgo y vulnerabilidad al hacking. Thierry Pujol, FDJ y Director del Comité de gestión de riesgos de WLA, subrayó los cambios propuestos para la nueva versión del Estándar de Control de Seguridad (Security Control Standard, SCS) de WLA, que se discutieron de nuevo en la Asamblea General de WLA en Singapur. Estos cambios incluyen adiciones para el juego online, apuestas deportivas, sorteos electrónicos y VLT. Se habló de la protección de datos personales, tanto a gran escala como en la aplicación práctica de las herramientas que ofrecen dicha protección. Los conferenciantes indicaron que es eficiente y práctico combinar o crear sinergias entre las funciones de privacidad y seguridad. Las presentaciones de socios/proveedores por parte de INTRALOT, Novomatic, IGT, Playtech y Scientific Games fueron particularmente interesantes; los participantes obtuvieron confirmación de primera mano de que sus proveedores están a la vanguardia en cuanto a este tema, y ya están planeando sistemas que mantengan al sector de la lotería protegido de los ciberdelincuentes del futuro.
Deutsch
Das EL/WLA-Sicherheitsseminar findet vom 18. bis 20. Oktober in Malaga statt.  Das gemeinsame EL/WLA-Sicherheitsseminar mit dem Titel „Herausforderungen am Horizont – seien Sie vorbereitet!“ und liebenswürdig organisiert von SELAE Spanien war ein fabelhafter Erfolg. Eine Rekordzahl an Teilnehmern aus allen Regionen der Welt besuchte und engagierte sich in einem hoch interaktiven und produktiven Workshop mit fünfundzwanzig Experten und Führungskräften im Bereich Sicherheit. Der Keynote-Vortrag von Ramses Gallego (Sicherheitsstratege & Evangelist; ehemaliger internationaler Präsident, ISACA, Board of Directors) beschrieb, dass es nur zwei Arten von Organisationen gibt: solche, die schon gehackt wurden, und solche, die es noch werden. Das IOT (Internet of Things [Internet der Dinge]) wird bald als Internet of Threats (Internet der Bedrohungen) angesehen. Es gibt bereits einen Durchschnitt von dreizehn unternehmensbezogenen Sicherheitsverletzungen jeden Tag, was zu rund 10 Millionen verlorenen Datensätzen pro Tag bzw. 420.000 pro Stunde führt. Und das ist heute – die IOT‑Zukunft wird eine Explosion in der Anzahl von Geräteverbindungen einleiten, die völlig neue Risiken und Anfälligkeiten für Hacking schaffen. Thierry Pujol, FDJ und Vorsitzender des WLA-Ausschusses für Sicherheit und Risikomanagement, skizzierte die vorgeschlagenen Änderungen für die nächste Version des WLA Sicherheitsstandards (Security Control Standards, SCS), die auf der WLA-Generalversammlung in Singapur erneut erörtert wurden. Dazu gehören Ergänzungen für Online- und Sportwetten, elektronische Ziehungen und VLTs. Der Schutz personenbezogener Daten wurde sowohl im großen Rahmen als auch in der praktischen Anwendung von Tools zur Gewährleistung eines solchen Schutzes thematisiert. Die Sprecher waren sich einig, dass es sowohl effizient als auch praktisch ist, Synergien zwischen den Funktionen Datenschutz und Sicherheit zu schaffen oder sie miteinander zu verbinden. Die Partner-/Lieferantenpräsentationen von INTRALOT, Novomatic, IGT, Playtech und Scientific Games waren besonders interessant und sollten den Teilnehmern versichert haben, dass ihre Zulieferer auf dem aktuellen Kenntnisstand sind und bereits Systeme planen, die das Lotteriesektorgeschäft vor der Cyber-Kriminalität der Zukunft und darüber hinaus schützen werden.

Other Articles

View all

Publication of the European Lotteries CSR GUIDELINES coming soon

All over the world, more and more companies are integrating sustainable standards and policies in order to carry out their business in a way that will better manage their risks, anticipate consumer......

Read more Synopsis: fr / es / de

New European Commission report on evaluation of regulatory tools for enforcing online gambling

The report is a result of a Call for Tender (No 641/PP/GRO/IMA/17/1131/9610) for a Study to “ascertain which enforcement tools EU/EEA Member States use, how effective they are and how the regulato......

Read more Synopsis: fr / es / de

Scientific Games | Instant Games’ Epic Evolution

Instant Games’ Epic Evolution Back in 1978, when instant “scratch” games were introduced in the European lottery market, ABBA and the Bee Gees topped the charts and a gallon of petrol cost £......

Read more Synopsis: fr / es / de

Intralot | Trends vs Fads

The idea that change is accelerating is a common place. A simple search for “exponential change” on any internet engine would yield an infinite number of articles on the topic, written by reputabl......

Read more Synopsis: fr / es / de

EL takes part in the OECD consultation on tax challenges of digitalisation

Possible solutions to the tax challenges of digitalisation In March 2018, the European Commission proposed new rules to ensure that digital business activities are taxed in a fair way in the EU. Gi......

Read more Synopsis: fr / es / de

European Lotteries adds new ‘Executive’ Module to its Corporate University ELCU

The ELCU – EXECUTIVE will be held over 1 ½ days and is designed for professional staff from Lottery Operators, Suppliers and Regulators who have sufficient experience to actively and usefully parti......

Read more Synopsis: fr / es / de

Martin Adams – Combining AI & Traditional Marketing to Build a Better Brand & Tell Better Stories

Martin ADAMS, CEO of Codec.ai, Marketing & Innovation Advisor, UK The issue? The issue is audiences are fractured and fragmented, it’s so easy to fail to engage with audiences in culture and......

Read more Synopsis: fr / es / de

Marcel Ribbens – An Outside Perspective from an Insider

Ribbens outlined what he believed we needed to challenge, in order to move into the digital age that is ever growing in the current climate. His first point was amending our way of thinking – we n......

Read more Synopsis: fr / es / de

Zoe Cairns – What’s Hot & What’s Not in Social Media Presence Today

Zoe CAIRNS, CEO at ZC Social Media, International Social Media Speaker, Trainer & Consultant, UK Speaking at the EL/WLA Marketing seminar, Zoe Cairns addressed just what’s hot in today’s soc......

Read more Synopsis: fr / es / de

David Caygill – The 10 Marketing Trends that you Need to Know for 2019

David Caygill, Managing Director Innovation Division, Iris Worldwide, UK His first point, experience is everything, underpins every brand. In the days where technology is at the forefront of convers......

Read more Synopsis: fr / es / de

IGT | Are the bats & faangs biting yet?

The major players in today’s advanced and emerging markets are commonly known by two acronyms: “FAANGs” ─ Facebook, Amazon, Apple, Netflix and Google ─ and their Asian counterparts, “BAT......

Read more Synopsis: fr / es / de