Reading Time: 5 minutes

October marks Cybersecurity Awareness Month, a global initiative dedicated to promoting online safety and equipping enterprises with the knowledge needed to mitigate cyber threats.

To recognise this important occasion, we connected with Continent 8 Technologies – widely recognised as the trusted cybersecurity partner for the iGaming sector. In this Community Voices feature, we speak with Craig Lusher, Product Principal of Secure Solutions at Continent 8, as he shares expert perspectives on the evolving cybersecurity landscape within the iGaming and online sports betting industry, including emerging challenges, opportunities, and industry-leading best practices.

How have cyber threats changed in the iGaming world lately?

Historically, most attacks were single-vector events focused on individual organisations. Today, we are seeing a marked increase in complex, coordinated threats. For instance, distributed denial-of-service (DDoS) attacks are often used to divert attention from concurrent credential stuffing attempts, and large-scale campaigns now target multiple entities – such as land-based casinos and online sportsbooks – simultaneously. Threat actors employ layered techniques to conceal their true objectives, executing multifaceted attacks across diverse groups.

Social engineering has emerged as one of the most prominent and rapidly evolving risks. Phishing techniques such as email scams, fake websites, text messaging or SMS and fraudulent voice calls have advanced significantly with the development of sophisticated AI language models and automation tools, empowering attackers to convincingly impersonate individuals or organisations. The capabilities of modern AI mean that realistic voice messages and video representations can now be created within minutes, underscoring the pressing need for organisations to enhance their security posture and maintain robust vigilance across all digital channels.

Are there any weak spots in the iGaming industry – like certain countries or regulations – that make it easier for cybercriminals to attack?

Jurisdictions with more rigorous cybersecurity regulations often see operators and suppliers achieving a higher standard of cyber resilience. However, one of the challenges that the industry faces is that regulatory frameworks are often inconsistent, particularly in multi-jurisdictional markets. For example, in the US, each state maintains its own regulatory body, resulting in varying cybersecurity standards across state lines. Gaming operators and suppliers should strive to not only meet but exceed regulatory requirements wherever possible.

We are also seeing a notable increase in third-party vulnerabilities within the iGaming and online sports betting industry. This sector operates within a highly interconnected environment, where the integration of third-party partner software and APIs can pose potential security risks. For example, our customer Alea leverages a single API integration, this helps reduce their attack surface area to introduce standardisation. Through our comprehensive suite of cybersecurity assessment services, we have partnered closely with Alea to test their infrastructure.

Learn more about the partnership here:

What are some of the best ways iGaming companies are protecting themselves from hackers today? Are there rules or systems we follow to stay safe?

To strengthen the cybersecurity posture of iGaming and online sports betting platforms, organisations must shift from a reactive response model to a proactive, defence-in-depth strategy. Rather than waiting for vulnerabilities to be exposed within systems, platforms or personnel, it is imperative to anticipate and mitigate risks through structured, preventative measures. Key best practices include:

• Conducting regular security audits and comprehensive risk assessments
• Utilising advanced threat detection and response technologies
• Establishing and maintaining well-documented procedures for identifying, responding to, and recovering from cyber incidents
• Providing continuous cybersecurity training and awareness programmes for all personnel
• Equipping staff to recognise phishing campaigns, social engineering techniques, and other prevalent attack vectors
• Enforcing timely software updates, effective patch management, and strong authentication protocols such as multi-factor authentication (MFA)
• Enhancing supply chain security by rigorously evaluating and monitoring third-party vendors and partners
• Investing in next-generation technologies and methodologies to address emerging threats, especially in the context of developments in AI and artificial general intelligence (AGI)
• Ensuring strict compliance with all relevant cybersecurity regulations and standards, moving beyond a checkbox approach to security

These initiatives establish a resilient security foundation, enabling organisations to effectively mitigate risks in an evolving threat landscape.

How can new technologies like AI or machine learning help detect suspicious activity, prevent fraud, or keep the platform safe for players?

Artificial intelligence is enabling threat actors to increase the speed, scale and effectiveness of their attacks – malicious actors are leveraging AI to rapidly identify vulnerabilities, automate exploit generation, develop advanced malware that evades detection and execute attacks on a global scale.

The good news is that AI is also a powerful ally for cybersecurity teams that can be used to counter these threats. Strategic applications include:

• Deploying AI-driven threat detection for real-time identification of security incidents
• Automating incident response processes to isolate compromised devices, block malicious traffic, and implement mitigation measures swiftly
• Using AI to proactively identify and address vulnerabilities within internal systems before adversaries can exploit them
• Implementing automated patch management to remediate security gaps as soon as they are discovered
• Utilising threat intelligence platforms powered by AI to analyse and disseminate emerging attack patterns, equipping organisations to prepare for future threats

By embracing these advanced capabilities, organisations can strengthen their posture and stay ahead of sophisticated AI-driven threats and attacks.

How often should employees across departments get cybersecurity awareness training, and what should it include?

Human error remains a primary vector for cyber threats – 70% of security breaches are caused by the human element.

To effectively counteract this risk and build up the ‘human firewall’, organisations must implement a comprehensive, layered cybersecurity strategy, comprising the following components:

Employee training and awareness: People represent the first and most critical line of defence. Regular, organisation-wide cybersecurity training is essential to ensure all staff can identify the latest phishing tactics and practice strong cyber hygiene. This training should encompass the recognition of suspicious communications, the risks of interacting with unknown links or attachments, and the importance of vigilant online behaviour.

Simulated phishing attacks: Leveraging targeted simulations such as our SafeBait solution empowers employees to safely experience and recognise a variety of attack scenarios. These simulations can be customised to reflect real-world phishing attempts across multiple attack vectors, including SMS, WhatsApp, voice and QR code-based attacks.

Endpoint protection: Deploying robust endpoint security – such as our Endpoint Detection and Response (EDR) service – protects devices from malware and phishing attempts by offering real-time monitoring, rapid anomaly detection and immediate threat response.

Mobile protection: As mobile usage continues to rise, the deployment of advanced mobile security solutions is essential. Our Mobile Protect service delivers comprehensive protection for iOS and Android devices, effectively mitigating mobile-specific attack vectors.

At Continent 8, as well as our cybersecurity specialist division, C8 Secure, we prioritise ongoing internal security assessments with our own teams, upholding the standards we recommend to our customers through continuous practice and vigilance.

What trends or best practices do we anticipate will influence and shape the industry in 2025 and beyond?

There are a couple of developments that we should monitor.

First, threat intelligence. This has been an underutilised practice, due to the complexity of managing and analysing large-scale, complex datasets to effectively detect and correlate emerging, sector-specific threats in real time. I

We recently announced how we are able to address these requirements through the launch of our Threat Exchange solution – the industry’s first dedicated cyber threat intelligence (CTI) platform. This game-changing solution delivers actionable, real-time intelligence, enabling gaming operators, platform providers and B2B gaming technology companies to proactively detect emerging threats, improve indecent response and understand the threat landscape

Secondly, as we’re aware, regulatory frameworks are always evolving, gradually introducing changes that will further impact and strengthen industry security requirements. Importantly, these regulatory advancements are being applied not only to organisations but also to individual users, encouraging best cybersecurity practices and hygiene to protect systems at every level. It is essential for iGaming operators and suppliers to deliver comprehensive training platforms that incorporate realistic simulations, such as phishing exercises, to ensure staff are well-prepared for current and emerging threats.

October is recognised as Cyber Awareness Month – a reminder of the importance of cybersecurity and adherence to best practices. However, cyber threats remain persistent, and it is essential to embrace an always-on, 2/7 cyber-defence strategy that delivers comprehensive, year-round, end-to-end protection.

The post HIPTHER Community Voices: It’s Cybersecurity Awareness Month – Interview with Product Principal of Secure Solutions at Continent 8 Technologies, Craig Lusher appeared first on European Gaming Industry News.