Moderated by WLA Executive Director, Luca Esposito, and EL Secretary General, Arjan van’t Veer, the webinar featured special addresses by Dato’ Lawrence Lim Swee Lin, CEO of Magnum Corporation Sdn Bhd, Malaysia, and Chair of the WLA Security and Risk Management Committee, and Jesus Huerta Almendro, CEO of SELAE, Spain, and Supervisory Chair of EL’s Operational Risks and Assurance Working Group.
More than 130 participants attended during the three-day event.
Testing methodologies: Bug bounty
Modern societies are facing a new kind of dilemma. On the one hand, cybersecurity needs are growing rapidly, while companies are experiencing a talent shortage and need more than ever, to find innovative and agile approaches to secure their systems.
Keynote speaker Yassir Kazar, CEO at Bug Bounty Platform Yogosha, France, considers Bug Bounty as one of the most pragmatic approaches to help companies detect their IT vulnerabilities and security flaws, by leveraging their collaboration with ethical hackers and improving their security skills. In his presentation, he explained the process offered by his company to secure and protect IT systems that are specific to each company.
The Keynote speech was followed by a roundtable of lottery representatives. Bertrand Le Piolot shared experiences with Bug Bounty from La Française des Jeux, France. Laurent Joppart from Nationale Loterij, Belgium, emphasized the importance of a security testing strategy, which combines different methodologies. Julio Sánchez from SELAE, Spain, highlighted that organizations need to define a policy for interacting with external actors, who can test their systems and services. There are both benefits and risks in handling these interactions, so it is important to get it right. Gin Wong Chin Ee talked about Singapore Pools, Singapore, test automation journey.
Cybersecurity virtual desktop drill
On the second day, participants were offered the opportunity to take part in a virtual cybersecurity exercise. This included a hypothetical disruption scenario and a series of questions for guiding participants on how to address a critical and potentially threatening situation for a lottery organization.
The exercise was written by the WLA SRMC and facilitated by Arjan van’t Veer, EL Secretary General, in the presence of experts, who animated the debate and provided input for further discussion and analysis.
Experts included (in alphabetical order) Anton Stiglic, Loto-Québec,Canada, Cecilio Vazquez, SELAE, Spain, David Boda, Camelot, UK, David Selier, former Staatsloterij and Holland Casino, The Netherlands, Philippe Vlaemminck, EL Legal Advisor, Belgium and Robert Nitz, Multi-State Lottery Association, US.
Risk management: Updates from WLA and EL
As WLA and EL both support the lottery community in improving their practices, the webinar closed with a day focused on risk management and latest updates from the associations.
Giuliano Boggiali from IGT Lottery, Italy, presented the WLA Lottery Risk Register, a list of risk-related information specific to the lottery and gaming sector, published on the WLA wiki for collecting feedback from the community. WLA members can download and comment on the Lottery Risk Register at this link.
Leoš Klofač from SAZKA, Czech Republic, gave an update on the EL risk reference cards which are designed to help manage the most pressing operational risks for lottery companies.
Valeria Serpentini WLA SRMC Coordinator presented updates of the WLA-SCS program, from the launch of the WLA-SCS:2020 – the most recent security standard of the lottery sector – to the inclusion of the remote auditing as a regular option for WLA-SCS assessments.