At the end of 2021 EL and WLA organised the Operational Risk & Security Webinar. This is the second year that the event has taken place online. The webinar gathered more than 130 participants over the course of three days.
Hidden vulnerabilities can be a major threat to the stability of information security systems. If not spotted and resolved in a timely manner, they can become an issue for the entire lottery operation and jeopardize lotteries’ data. The EL/WLA Security and Operational Risks Webinar which took place at the end of 2021 to close the year, took a deep dive into testing methodologies with a focus on bug bounties for identifying hidden vulnerabilities, risk management and a virtual cyber security exercise.
Moderated by EL Secretary General, Arjan van’t Veer and WLA Executive Director, Luca Esposito, the webinar featured special addresses by Jesus Huerta Almendro, CEO of SELAE (Spain) and Supervisory Chair of EL’s Operational Risks and Assurance Working Group and Dato’ Lawrence Lim Swee Lin CEO of Magnum Corporation Sdn Bhd (Malaysia) and Chair of the WLA Security and Risk Management Committee.
Testing methodologies: Bug Bounty
Modern societies are facing a new kind of dilemma as, on the one hand the cybersecurity needs are rapidly growing and on the other hand companies are experiencing a talent shortage and need more than ever to find innovative and agile approaches to secure their systems.
Keynote speaker Yassir Kazar, CEO at bug bounty Platform Yogosha (France) considers bug bounty is one of the most pragmatic approaches to help companies detect their IT vulnerabilities and security flows by leveraging at most their collaboration with ethical hackers and improving their security skills. In his presentation he explained the process by focusing on the new cybersecurity challenges and solutions brought by bug bounty to secure and protect IT systems that are specific to each and every company.
The Keynote speech was followed by a roundtable of lotteries’ representatives. Bertrand Le Piolot shared experiences with bug bounty from La Française des Jeux (France). Laurent Joppart from Nationale Loterij (Belgium) emphasised the importance of a security testing strategy combining different methodologies. Julio Sánchez from SELAE (Spain) highlighted that organisations need to define a policy for interacting with external actors that test its systems and services. There are both benefits and risks in handling these interactions, so it is important to get it right. Gin Wong Chin Ee talked about Singapore Pools (Singapore) test automation journey.
Cybersecurity virtual desktop drill
On the second day participants were offered a special treat: the opportunity to take part in a virtual cybersecurity exercise where a hypothetical disruption scenario and a series of questions have been prepared to guide participants through addressing a critical situation that is threatening a lottery organisation. The exercise was facilitated by Arjan van’t Veer, EL Secretary General in the presence of experts that animated the debate and provided input for further discussion and analysis.
Experts included (in alphabetical order) Anton Stiglic, Loto-Québec (Canada), Cecilio Vazquez, SELAE (Spain), David Boda, Camelot (UK), David Selier, former Staatsloterij and Holland Casino (the Netherlands), Philippe Vlaemminck, EL Legal Advisor (Belgium) and Robert Nitz, Multi-State Lottery Association (USA).
Risk management: Updates from EL and WLA
As both EL and WLA are currently dedicating their efforts to support the lottery community in improving their practices, the webinar closed with a day dedicated to the most recent updates from the two associations with the focus on risk management.
Giuliano Boggiali from IGT Lottery (Italy) presented the WLA Lottery Risk Register, a list of risk-related information specific to the lottery and gaming sector, firstly published on the WLA wiki for collecting feedback from the community. Here is the link for WLA members to download and comment the Lottery Risk Register. Leoš Klofač from SAZKA (Czech Republic) gave an update on the EL risk reference cards which are designed to help manage the most pressing operational risks for lottery companies. Valeria Serpentini WLA SRMC Coordinator presented the most recent updates to the WLA-SCS programme, from the launch of the WLA-SCS:2020 – the most recent security standard of the lottery sector – to the inclusion of the remote auditing as a regular option for WLA-SCS assessments.