Navigating the cybersecurity landscape

Day one centered on cybersecurity, addressing the challenges faced by organizations during crises. Keynote speaker, Tony de Bos (VP Advisory at Kudelski Security, Switzerland), a seasoned expert in the field, delved into common pitfalls when dealing with a crisis, such as uncertainty, team fatigue, and stressed-out teams. Emphasizing the importance of organizational readiness, tools, and training, de Bos highlighted the necessity of learning from crises rather than merely overcoming them.

A riveting roundtable featuring security experts from WLA and EL member lotteries followed, including Georgia Anastasiou (Cyber Security & IT Compliance Director, OPAP, Greece); Laurent Joppart (Chief Information Security Officer, Nationale Loterij, Belgium) & Allan Tay (Head of IT Security at Singapore Pools), speaking on behalf of Teck Guan Yeo (Chief Business Technology Officer at Singapore Pools). In focus were DDoS and ransomware attacks – top threats according to the latest ENISA (European Union Agency for Cybersecurity) report. Discussions revolved around emerging trends, strategies to keep pace, the significance of speed in mitigating attacks, cloud-based protection, and creating a secure environment for recovery.

Some best practices highlighted:

  • Establish a practical approach that includes exchange of threat intelligence, cyber movement monitoring and regular training for employees
  • Participate in forums, security groups, and industry events on this topic
  • Develop a network of expert peers to exchange insights and best practices
  • Maintain up to date incident response plans, to ensure timely responses to any issues

The day concluded with an insightful presentation by Fabien Sierras (SOC Manager, La Française des Jeux, France) on considerations for a hybrid SOC (Security Operations Center) model, with staffing identified as a key focal point.

Unraveling the potential of AI in cybersecurity

Day two explored the intersection of cybersecurity and AI. Keynote speaker Dina Kamal (Partner, Deloitte, Canada) examined how cyber threats are evolving using generative AI and gave some useful tips when using AI applications.

For instance, given that generative AI digests shorter questions faster, it is paramount to learn to ask the right questions and break topics down to reduce latency and response time, or when developing strategies to thwart hackers, think like hackers and how they might breach a system, by focusing on something less important to gain access to a critical asset.

Lottery members

Presenting case studies illustrating the power of AI in risk management, including applications in penetration testing and responsible gaming efforts, Thibault Bulabois (Head of Group Risk Management & Internal Control, Française des Jeux, France) noted that by using a big data solution to detect exceptions and maintain gaming integrity and responsible gaming, there was an increased detection of 25% of new money laundering cases.

Leoš Klofáč (Security Manager, SAZKA a.s., Czech Republic) underscored that AI-driven penetration testing could overcome traditional challenges by enabling flexible, continuous testing without time constraints. Automatically finding and confirming weaknesses removed human error, and enhanced result reliability for robust and current protection against cyber threats.

The day closed with a lively exchange among representatives of three lottery suppliers – Jason Khan (Director of Enterprise Architecture, PBL, Canada); Dimitris Doganos (Cyber Security Manager, Intralot, Greece) & Marc Castejon (Chief Information Security Officer, Carmanah Signs Inc, France) – dissecting how gaming platform monitoring and security can be enhanced with AI with a special focus on ChatGPT. The discussion also delved into how both attackers and defenders leverage AI to achieve their goals, supported by concrete examples.

Partnering for resilience in risk management

Following warm welcomes by Dato’ Lawrence Lim Swee Lin (CEO, Magnum Corporation Sdn Bhd, Malaysia), WLA Security & Risk Management Committee Chairman & Jesús Huerta Almendro (CEO, SELAE, Spain), EL Operational Risks & Assurance Supervisory Chair – the last day focussed on how WLA and EL support their members in risk management and security issues.

On behalf of WLA, Jo McLennan (General Manager, Customer Care & Operational Risk, The Lottery Corporation, Australia) and member of the WLA Security Risk Management Committee, gave an update on the Enterprise Risk Management, presenting the results of a WLA survey to members about cyber security and risk management, to better understand how to support WLA members. Revealing that cyber and data privacy breach risks are of most concern to members, WLA will develop useful guides for identifying and understanding risks and how to mitigate them, as well as find ways for members to work with regional associations to localize the types of risks that can vary from region to region.

On behalf of EL, Jose Luís Sánchez Fernández (Head of CSR, SELAE, Spain) gave an update on Risk Cards –

a dynamic tool, that is continually updated, and provides a visual and systematic approach to identify and mitigate risks within a lottery.

Gunnar Ewald (Chief Audit Executive, Lotto Hamburg GmbH, Germany) provided the traditional, comprehensive overview of lottery incidents worldwide in 2023. This time he focussed on several cyberattacks that took place in the United States and where big casino operators were victims. He explained that it is not always obvious how to deal with cyber criminals and paying to release ransomware is a big debate in these cyberattacks.

Throughout the week, the moderation of Fabien Marechal (International CISO, La Française des Jeux, France) ensured a seamless flow of discussions, and participants were left with a wealth of insights, practical strategies, and a renewed commitment to fortifying the global lottery sector against emerging threats.

Recordings of the webinar and presentations are available to WLA and EL members:
https://www.world-lotteries.or...