In a collaborative effort, EL and WLA came together once again to organize an event on security and operational risks which took place on December 5-7. With over 100 participants every day, pouring in from across the globe, the event brought together experts and thought leaders from both within and beyond the lottery sector keen on exploring the dynamic realms of cybersecurity and AI.
Navigating the Cybersecurity Landscape
The first day centered on cybersecurity, addressing the challenges faced by organizations during crises. The keynote speaker, Tony DE BOS (VP Advisory at Kudelski Security, Switzerland), a seasoned expert in the field, delved into common pitfalls when dealing with a crisis, such as uncertainty and stressed-out teams. Emphasizing the importance of organizational readiness, tools, and training, De Bos highlighted the necessity of learning from crises rather than merely overcoming them.
A riveting roundtable featuring security experts from EL and WLA member lotteries followed, including Georgia ANASTASIOU (Cyber Security & IT Compliance Director, OPAP, Greece); Laurent JOPPART (Chief Information Security Officer, Nationale Loterij, Belgium) & Allan TAY (Head of IT Security at Singapore Pools), speaking on behalf of Teck Guan YEO (Chief Business Technology Officer at Singapore Pools). In focus were DDoS and ransomware attacks – top threats according to the latest ENISA (European Union Agency for Cybersecurity) report. Discussion revolved around emerging trends, strategies to keep pace, the significance of speed in mitigating attacks, cloud-based protection, and creating a secure environment for recovery. Some best practices were highlighted and included:
- Establish a practical approach that includes exchange of threat intelligence, cyber movement monitoring and regular training for employees
- Participate in fora, security groups, and industry events on this topic
- Develop a network of expert peers to exchange insights and best practices
- Maintain up to date incident response plans, to ensure timely responses to any issues
The day concluded with an insightful presentation by Fabien SIERRAS (SOC Manager, La Française des Jeux, France) on considerations for a hybrid SOC (Security Operations Center) model, with staffing identified as the key focal point.
Unraveling the Potential of AI in Cybersecurity
During the second day, the intersection of cybersecurity and AI was explored. The keynote speaker Dina KAMAL (Partner, Deloitte, Canada) looked into how cyber threats are evolving using generative AI and gave some useful tips when using AI applications.
Given that generative AI digests shorter questions faster, it is paramount to learn to ask the right questions and break topics down to reduce latency and response time, or when developing strategies to thwart hackers, think like hackers and how they might breach a system, by focusing on something less important to gain access to a critical asset.
Lottery members presented case studies illustrating the power of AI in risk management.
Thibault BULABOIS (Head of Group Risk Management & Internal Control, Française des Jeux, France) noted that by using a big data solution to detect exceptions and maintain gaming integrity and responsible gaming, there was an increased detection of 25% of new money laundering cases.
Leoš KLOFÁČ (Security Manager, SAZKA a.s., Czech Republic) underscored that AI-driven penetration testing could overcome traditional challenges by enabling flexible, continuous testing without time constraints. Automatically finding and confirming weaknesses removed human error, and enhanced result reliability for robust and current protection against cyber threats.
The day closed with a lively exchange among representatives of three lottery suppliers – Jason KHAN (Director of Enterprise Architecture, Pollard, Canada); Dimitris DOGANOS (Cyber Security Manager, Intralot, Greece) & Marc CASTEJON (Chief Information Security Officer, Carmanah Signs Inc, France) – dissecting how gaming platform monitoring and security can be enhanced with AI with a special focus on ChatGPT. The discussion also delved into how both attackers and defenders leverage AI to achieve their goals, supported by concrete examples.
Partnering for Resilience in Risk Management
Following welcome words by Dato’ Lawrence Lim SWEE LIN (CEO, Magnum Corporation Sdn Bhd, Malaysia), WLA Security & Risk Management Committee Chairman and Jesús HUERTA ALMENDRO (CEO, SELAE, Spain), EL Risk Management Supervisory Chair – the last day turned the spotlight on how EL and WLA support their members in risk management and security issues.
On behalf of WLA, Jo McLENNAN (General Manager, Customer Care & Operational Risk, The Lottery Corporation, Australia) and member of the WLA Security Risk Management Committee (SRMC) gave an update on the Enterprise Risk Management, presenting the results of a WLA survey to members about cyber security and risk management to better understand how to support WLA members. With cyber and data privacy breach risks of most concern to WLA members, WLA will develop useful guides for identifying and understanding risks and how to mitigate them, as well as find ways for members to work with regional associations to localize the types of risks that can vary from region to region.
Gunnar EWALD (Chief Audit Executive, Lotto Hamburg GmbH, Germany) provided the traditional, comprehensive overview of lottery incidents worldwide in 2023. This time he focussed on several cyber attacks that took place in the United States and where big casino operators were victims. Gunnar explained that it is not always obvious how to deal with cyber criminals and paying to release ransomware is a big debate in these cyberattacks.
On behalf of EL, Jose Luís SÁNCHEZ FERNÁNDEZ (Head of CSR, SELAE, Spain) as the executive chair of EL’s Risk management working group gave an update on the EL Risk Cards – a dynamic tool, that is continually updated, and provides a visual and systematic approach to identify and mitigate risks within a lottery.
Throughout the week, the moderation of Fabien MARECHAL (International CISO, La Française des Jeux, France) ensured a seamless flow of discussions.
As the curtains draw on this year's event, the participants are left with a wealth of insights, practical strategies, and a renewed commitment to fortifying the global lottery sector against emerging threats.
Recordings of the webinar and presentations are available to EL and WLA members.
