Skip to main content

NICG Highlights the Importance of Proper Cybersecurity Measures in Tribal Casinos in the Wake of Recent Cyberattacks

The National Indian Gaming Commission (NIGC) highlighted how important it was to adopt advanced technology aimed at protecting users from cyber threats.

At a time when a number of cyberattacks have targetted major commercial casinos in the US, the NIGC has praised tribal-owned properties, including in New York where there are currently seven tribal casinos, for the extensive cybersecurity measures they feature. The federal regulatory body drew parallels to medieval castle defenses and highlighted its “Defense in Depth” strategy which applies to multiple layers of protective mechanisms aimed at protecting information, data, and information systems.

Recently, the National Indian Gaming Commission issued a statement saying that cybersecurity attacks have become increasingly prevalent across various organizations in the country, regardless of their size, and have not shown any signs of decrease.

According to the regulatory body, companies should make sure they employ a comprehensive cybersecurity approach to prevent such breaches and significantly reduce the potential vulnerability of their IT systems. The Commission further explained that the discrepancy in cybersecurity outcomes can be attributed to the three-pronged approach of its members, which includes administrative controls, technical controls, and physical controls.

Apart from that, in its statement, the NIGC provided more information about the cybersecurity strategies employed by the organization’s member casinos and highlighted the usage of hardware firewalls, antivirus software, authentication controls, hardware firewalls, and so-called MFA, or multi-factor authentication.

MGM Resorts and Caesars Entertainment Hit by Scattered Spider Group’s Cyberattacks

Unfortunately, although its “Defense in Depth” security architecture has been quite effective, the National Indian Gaming Commission acknowledged that it is unable to fully eliminate the risk of cyberattacks. As explained by the body, such deceitful methods do not depend on software safeguards alone but also require companies to implement and follow robust protective policies.

As CasinoGamesPro reported earlier this month, two of the largest gambling and casino operators – MGM Resorts and Caesars Entertainment – became subject to hackers in August 2023. In both cases, the hacker attacks resulted in significant disruptions to the two companies’ operations.

One New York casino owned by MGM Resorts International fell victim to the attack, which was attributed to the Scattered Spider criminal group at a later stage. According to estimates provided by David Katz, a gaming industry analyst at Jefferies Group, the cyberattack against the gambling and hospitality group has cost the company revenue worth more than $8 million per day.

Reportedly, another casino and gambling giant – Caesars Entertainment – also paid millions of dollars to hackers following a malicious cyberattack that may have been associated with a similar incident at MGM Resorts. The attack was also attributed to the UNC 3944 group, also known as the Scattered Spider. The hackers targeted Caesars Entertainment’s confidential data, with the attack eventually causing a decline in the company’s stock prices.

What makes the cases of MGM Resorts and Caesars Entertainment very much alike is the fact that hackers managed to exploit some vulnerabilities in both companies’ systems in the form of social engineering. As CasinoGamesPro reported, the Scattered Spider group deceived staff members from the IT Help Desk through phone calls and then used VoIP technology to pose as support employees and get their passwords.

 Author: Hannah Wallace

Hannah Wallace has been part of our team since the website was launched. She has a master’s degree in IT.