The EL/WLA Security Seminar: Challenges on the Horizon – Be Prepared!

Challenges on the Horizon – Be Prepared!” began with the keynote speech describing how there are only two types of organisations: those that have been hacked, and those that will be. The IOT (Internet of Things) will come to represent the Internet of Threats.
gallegoweb

Ramses Gallego, Security Strategist & Evangelist; Past international President, ISACA, Board of Directors.

The joint EL/WLA Security Seminar (Malaga 18 – 20 October), titled “Challenges on the Horizon – Be Prepared!” and graciously hosted by SELAE Spain, was a fabulous success.  A record number of participants from all regions of the world attended and engaged in a highly interactive and productive workshop led by twenty-five experts and leaders in the security field.

The keynote speech by Ramses Gallego (Security Strategist & Evangelist; Past international President, ISACA, Board of Directors) described how there are only two types of organisations: those that have been hacked, and those that will be. The IOT (Internet of Things) will come to represent the Internet of Threats. There is already an average of thirteen enterprise security breaches every day, resulting in roughly 10 million records lost a day—or 420,000 every hour. And that’s now – the IOT future will usher in an explosion in the number of device connections which will create entirely new levels of risk and vulnerability to hacking.

Examples:  Security experts Chris Valasek and Charlie Miller grabbed headlines with their research on the vulnerability of connected cars when they hacked into a Toyota Prius and a Ford Escape using a laptop plugged into the vehicle’s diagnostic port. This allowed them to manipulate the cars headlights, steering, and breaking.  The massive domain name hack that recently disrupted service at major websites like Netflix, Amazon, Twitter, Reddit and others was made possible by poorly protected IOT devices.  Systems need protection against new points of vulnerability and increasingly sophisticated methods of attack.  Thankfully, Mr Gallego’s warnings of dire challenges and potential consequences were presented in a most engaging and entertaining fashion!

thierry-pujol-fdj-lottery

Thierry Pujol, FDJ and Chair of WLA Security and Risk Management Committee.

_acr3621

Bin Han, GM of the Beijing Zhongcai Printing Company.

 

 

 

 

 

 

 

_acr3572

Danielle Van Emmerik, Senior Auditor, Nederlandse Loterij, Nederland Netherlands.

Thierry Pujol, FDJ and Chair of WLA Security and Risk Management Committee outlined the proposed changes for the next version of the WLA Security Control Standard (SCS) which were again discussed at the WLA General Assembly Singapore. These include additions for online, sports betting, electronic draws, and VLT’s.

Danielle Van Emmerik (Senior Auditor, Nederlandse Loterij, Nederland Netherlands), Evangelos Cosmidis (Financial Unit / Procurement & Quality Division Director, OPAP, Greece)  and Declan Murray (Security and Compliance Manager, Premier Lotteries Ireland) shared their experiences with various aspects of the WLA  SCS Certification process. The main theme was to prepare well and keep all colleagues and stakeholders fully informed at all stages of the process. Bin Han, GM of the Beijing Zhongcai Printing Company, described the certification process for a printing company and noted how important it was for their customers to know that they had the WLA SCS Certification.

The presentations on Personal Data Protection included a detailed description by Calvo Medina (IT Area Head of the Spanish Data Protection Authority), Franz-Joseph Wichmann (WestLotto), Johannes Puchinger (Austrian Lottery) and addressed both the big-picture importance of Personal Data Protection and detailed the practical applications of tools to provide such protection.  The speakers agreed that it is both efficient and practical to combine or create synergy between the functions of Privacy and Security.

The Partner/Supplier presentations from INTRALOT, Novomatic, IGT, Playtech and Scientific Games were particularly interesting and should have well reassured the participants that their suppliers were on top of the subject and were already planning systems that are keeping the government-gaming business protected from and ahead of the cyber-criminals of the future.

_acr3850

Manuel Gonzales Barreda, Director Fiscal Adjunto, SELAE, Spain.

_acr3644

Calvo Medina, IT Area Head of the Spanish Data Protection Authority.

 

 

 

 

 

 

 

_acr3585

Evangelos Cosmidis, Financial Unit / Procurement & Quality Division Director, OPAP, Greece.

Jean-Jacques Riera (Mission Head, Information Security, FDJ, France), Maurizio Rubini (Lottomatica, Italy), and Manuel Gonzales Barreda (Director Fiscal Adjunto, SELAE, Spain) presented on anti-money laundering where a “risk-based approach” was praised as a good solution.  These were followed by Antonio Gorrasi on the Italian approach and developments for protection, privacy and cybersecurity in Italy.

Gunnar Ewald (Chief Audit Executive, Vice President, LOTTO Hamburg GmbH) gave his traditional annual review of recent security issues worldwide and there followed some excellent presentations and an animated and robust round-table on “Trust and Assurance – RNG/Electronic Draws” comprised of Lotteries (FDJ, Loterie Romande, SELAE) and Suppliers/Certifiers (GLI, Smartplay, and Szrek2Solutions). Carlos Bachmaier (SELAE) presented a most informative review of existing standards for RNG’s and a comprehensive set of references for relevant articles. These details, together with all the presentations are available online to all of the participants at the Seminar.

The Seminar concluded with a practical hands-on workshop on the European Lottery Risk Tool supported by members of the EL POS Working Group.

Ray Bates, Honorary EL Chair, moderated.

qa190667

Related Articles

View all

Synopsis

Français
Le séminaire EL/WLA sur la sécurité s’est déroulé à Malaga du 18 au 20 octobre.  Le séminaire conjoint EL/WLA sur la sécurité intitulé « Défis à l’horizon ‑ Soyez prêts ! » et gracieusement accueilli par SELAE Espagne, a été un franc succès. Un nombre record de participants de toutes les régions du monde a participé à un atelier hautement interactif et productif conduit par 25 experts et dirigeants dans le domaine de la sécurité. Le discours d’ouverture de Ramses Gallego (stratège en sécurité et évangéliste, ancien président international, ISACA, Conseil d’administration) a décrit les deux types d’organisations : celles qui ont été piratées et celles qui le seront. L’IOT (Internet of Things [Internet des choses]) viendra représenter l’Internet of Threats (Internet des menaces). Il y a déjà en moyenne, chaque jour, 13 failles de sécurité en entreprises, provoquant la perte d’environ 10 millions d’enregistrements par jour ‑ soit 420 000 toutes les heures. Et c’est maintenant ‑ l’avenir de l’IOT marquera le début d’une explosion dans le nombre de connexions qui créera des niveaux jamais atteints de risque et de vulnérabilité au piratage. Thierry Pujol, FDJ et président du Comité de sécurité et de gestion des risques de la WLA a présenté les changements proposés pour la prochaine version du norme de contrôle de sécurité (Security Control Standard, SCS) de la WLA qui a été à nouveau discuté à l’assemblée générale de la WLA à Singapour. Il s’agit notamment d’ajouts pour les paris en ligne, les paris sportifs, les tirages électroniques et les VLT (Video lottery terminals [terminaux de loterie vidéo]). La protection des données personnelles a été abordée généralement ainsi que dans le cadre des applications pratiques des outils permettant de fournir une telle protection. Les intervenants sont convenu qu’il est à la fois efficace et pratique de combiner ou de créer une synergie entre les fonctions de protection des renseignements personnels et de sécurité. Les présentations partenaires/fournisseurs INTRALOT, Novomatic, IGT, Playtech et Scientific Games étaient particulièrement intéressantes et devraient avoir bien assuré aux participants que leurs fournisseurs sont spécialistes du sujet et qu’ils planifient déjà des systèmes qui protègent le secteur de la loterie des cyber-criminels du futur, en maintenant même une longueur d’avance sur eux.
Español
Seminario de seguridad de Loterías Europeas y WLA convocado en Málaga del 18 al 20 de octubre.  El Seminario de seguridad de Loterías Europeas y WLA, titulado “Retos en el horizonte – ¡Esté preparado!” y amablemente organizado por SELAE España fue todo un éxito. Contó con la asistencia de un número récord de participantes de todas partes del mundo, que se implicaron en un taller altamente interactivo y productivo conducido por veinticinco expertos y líderes en el campo de la seguridad. Ramsés Gallego (estratega y gurú de la seguridad, antiguo presidente internacional del comité directivo de ISACA) indicó, en la conferencia inaugural, que solo existen dos tipos de organizaciones: aquellas que han sido hackeadas y aquellas que lo serán en el futuro. El IoT (Internet de las Cosas) llegará a ser el Internet de las Amenazas. Actualmente se producen, de media, unas trece brechas de seguridad empresariales al día que producen, aproximadamente, 10 millones de registros perdidos cada día, o 420 000 cada hora. Y eso es ahora; el futuro Internet de las Cosas supondrá una explosión en cuanto al número de dispositivos conectados, y creará nuevos niveles de riesgo y vulnerabilidad al hacking. Thierry Pujol, FDJ y Director del Comité de gestión de riesgos de WLA, subrayó los cambios propuestos para la nueva versión del Estándar de Control de Seguridad (Security Control Standard, SCS) de WLA, que se discutieron de nuevo en la Asamblea General de WLA en Singapur. Estos cambios incluyen adiciones para el juego online, apuestas deportivas, sorteos electrónicos y VLT. Se habló de la protección de datos personales, tanto a gran escala como en la aplicación práctica de las herramientas que ofrecen dicha protección. Los conferenciantes indicaron que es eficiente y práctico combinar o crear sinergias entre las funciones de privacidad y seguridad. Las presentaciones de socios/proveedores por parte de INTRALOT, Novomatic, IGT, Playtech y Scientific Games fueron particularmente interesantes; los participantes obtuvieron confirmación de primera mano de que sus proveedores están a la vanguardia en cuanto a este tema, y ya están planeando sistemas que mantengan al sector de la lotería protegido de los ciberdelincuentes del futuro.
Deutsch
Das EL/WLA-Sicherheitsseminar findet vom 18. bis 20. Oktober in Malaga statt.  Das gemeinsame EL/WLA-Sicherheitsseminar mit dem Titel „Herausforderungen am Horizont – seien Sie vorbereitet!“ und liebenswürdig organisiert von SELAE Spanien war ein fabelhafter Erfolg. Eine Rekordzahl an Teilnehmern aus allen Regionen der Welt besuchte und engagierte sich in einem hoch interaktiven und produktiven Workshop mit fünfundzwanzig Experten und Führungskräften im Bereich Sicherheit. Der Keynote-Vortrag von Ramses Gallego (Sicherheitsstratege & Evangelist; ehemaliger internationaler Präsident, ISACA, Board of Directors) beschrieb, dass es nur zwei Arten von Organisationen gibt: solche, die schon gehackt wurden, und solche, die es noch werden. Das IOT (Internet of Things [Internet der Dinge]) wird bald als Internet of Threats (Internet der Bedrohungen) angesehen. Es gibt bereits einen Durchschnitt von dreizehn unternehmensbezogenen Sicherheitsverletzungen jeden Tag, was zu rund 10 Millionen verlorenen Datensätzen pro Tag bzw. 420.000 pro Stunde führt. Und das ist heute – die IOT‑Zukunft wird eine Explosion in der Anzahl von Geräteverbindungen einleiten, die völlig neue Risiken und Anfälligkeiten für Hacking schaffen. Thierry Pujol, FDJ und Vorsitzender des WLA-Ausschusses für Sicherheit und Risikomanagement, skizzierte die vorgeschlagenen Änderungen für die nächste Version des WLA Sicherheitsstandards (Security Control Standards, SCS), die auf der WLA-Generalversammlung in Singapur erneut erörtert wurden. Dazu gehören Ergänzungen für Online- und Sportwetten, elektronische Ziehungen und VLTs. Der Schutz personenbezogener Daten wurde sowohl im großen Rahmen als auch in der praktischen Anwendung von Tools zur Gewährleistung eines solchen Schutzes thematisiert. Die Sprecher waren sich einig, dass es sowohl effizient als auch praktisch ist, Synergien zwischen den Funktionen Datenschutz und Sicherheit zu schaffen oder sie miteinander zu verbinden. Die Partner-/Lieferantenpräsentationen von INTRALOT, Novomatic, IGT, Playtech und Scientific Games waren besonders interessant und sollten den Teilnehmern versichert haben, dass ihre Zulieferer auf dem aktuellen Kenntnisstand sind und bereits Systeme planen, die das Lotteriesektorgeschäft vor der Cyber-Kriminalität der Zukunft und darüber hinaus schützen werden.

Other Articles

View all

INTRALOT | The challenge of privacy and security in a modern gaming world

THE INCREASING SIGNIFICANCE OF PERSONAL DATA PROTECTION In our heavily-loaded-information era, global players deal with a large amount of information in their daily lives; they produce, process and s......

Read more Synopsis: fr / es / de

Lotteries and COVID-19: From tactical to strategic continuity

As the COVID-19 outbreak continues to have a dramatic impact worldwide, EL has produced an overview of operational continuity elements that could be – and many of them already are – implemented by individual lotteries to enhance their capability of an effective response....

Read more Synopsis: fr / es / de

“Reflecting on 11 years at the European Lotteries’’ | An interview with former EL Deputy Secretary General Jutta Buyse

Since 2016 Jutta Buyse was the Deputy Secretary General of EL and represented the Association in the Brussels office since 2009. During this time, Jutta led the public affairs for EL and experienced historic moments for the Association at European level....

Read more Synopsis: fr / es / de

Introduction to the new General Manager of Loteria Romana

Since 10 January 2020 Sebastian – Iacob Moga is the new General Manager of the C.N.  "Loteria Română" S.A., being appointed to this position by the Board of Administrators....

Read more Synopsis: fr / es / de

EL Report on the Lottery Sector in Europe

Every year EL members provide an overview of how they work and demonstrate the importance of lotteries for the benefit of society....

Read more Synopsis: fr / es / de

A partnership for society: EL and ENGSO commit to enhancing the role of grassroots sport in 2020–2021

EL and ENGSO, the European Sports NGO are further extending their partnership with a new two-year agreement (2020-21)....

Read more Synopsis: fr / es / de

Scientific Games | Data in Motion Reimagines Play

C-stores and supermarkets are modernizing to attract consumers who have come to expect more conveniences. The lottery category has the opportunity to create better experiences for players and efficiencies for retailers....

Read more Synopsis: fr / es / de

IGT | Lottomatica: Boosting Support for Women in the Workplace

Italian operator Lottomatica uses a range of programmes and tools to promote gender balance and offer personal and professional support for female employees....

Read more Synopsis: fr / es / de

100 days of the von der Leyen Commission

March 2020 marked 100 days since the current College of the European Commission took office. Commission President Ursula von der Leyen looked back at the achievements, but also ahead at the expected next steps in line with the agenda outlined in her Political Guidelines back in July last year. This agenda was in the meantime hit hard the last weeks by the rapid spread of COVID-19....

Read more Synopsis: fr / es / de