Key highlights:
In the iGaming and online sports betting industry, where cybersecurity breaches can result in unauthorised access, identity theft, account takeovers, operational disruptions and reputational damage, MFA is an essential security measure. It’s also mandated for the regulated Brazilian iGaming market, where operators must submit proof of compliance.
In this blog, Luana Monje, Brazil-based Sales Executive at Continent 8 Technologies, explores the significance of MFA in Brazil’s exciting market, highlighting its role as both a regulatory cybersecurity requirement, outlining key considerations when selecting an effective authentication platform, and showcasing Continent 8’s passwordless MFA solution designed to deliver the most seamless single-step PIN experience.
According to the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance’s (MF) technical and cybersecurity guidelines for Brazil’s betting systems (Ordinance No. 722, available in Portuguese), MFA is defined as:
A type of authentication that uses two or more of the following elements to verify a user’s identity: information known only to the user, such as a password, a pattern, or answers to challenge questions; an item owned by a user, such as an electronic token, a physical token, or an identification card; a user’s biometric data, such as fingerprints, facial or voice recognition.
First and foremost, Brazilian regulations require the implementation of MFA across several technical and cybersecurity requirements outlined in Ordinance No. 722. These requirements include:
Ordinance 722, Annex I, sections 12, 13 and 16 – Access to the betting system:
a) at least once every 7 (seven) days; or
b) on the first access after a period of inactivity of more than 7 (seven) days.
Ordinance 722, Annex IV, section 25f – Technical Controls, DNS requirements:
25 – The following requirements apply to servers used to resolve Domain Name System (DNS) queries in association with the betting system:
f) multi-factor authentication must be in place
MFA provides a layer of cybersecurity that significantly mitigates the risk of unauthorised access, thereby safeguarding sensitive data and personal information.
With MFA being a regulatory requirement in Brazil, iGaming and online sports betting operators need to evaluate which MFA options are most suitable for their operations. Here are some key considerations when assessing an MFA platform, and how Continent 8 can support your MFA journey.
| Key Consideration | The Continent 8 MFA Advantage |
|---|---|
| User experience | Same passwordless, 2-second, single-step login – on all devices and browsers
99.9% of users log in within 2 seconds. Supports biometric auth in apps. Our MFA solution ensures consistent user experiences across both app and browser platforms, while also offering the option of local biometric authentication for apps. |
| Compatibility / Operability | 100% of devices, 100% of browsersOur MFA solution ensures complete independence from hardware or operating systems, enabling compatibility across all devices and platforms.
By providing our solution through the same browser interface as the operator’s service, or by embedding the technology directly into the operator’s native app, we support:
|
| Login success rate | 99.93% login success or higherOur MFA platform streamlines the login process to a passwordless, single user step. The system is capable of operating with either a PIN or biometric authentication, providing users with flexibility and a reliable fallback across any device or browser.
Each additional step increases the potential for user error, and every dependency (such as downloads, installations, mobile phones, cellular networks, or username entry) introduces a potential point of failure for both users and the system. Our platform achieves a 99.93% login success rate in consumer-facing applications, using either a 4-digit PIN or device-based biometric authentication where available. Our platform also attains a 99.997% success rate in action (transaction) authentication. There is no difference in success rates between mobile and tablet/laptop devices, as the system does not rely on the presence of a mobile device. |
| Registration success rate | +18% in player registrations, 20% boost in profitsOur MFA solution’s enrolment process simply requires users to select a 4-digit PIN. This procedure does not require any permissions, downloads, plug-ins, imported keys or configurations, thereby eliminating registration failures. The enrolment can be completely invisible and take place during customer registration.
User process – on any device or browser:
The result: +18% increase in user registrations which can boost profits by up to 20%. |
| Support costs | 90% savings in support costs
Our MFA solution minimises support-related expenses and resources with a self-sufficient service. For example, this platform eliminates the need for password reset assistance – accounting for up to 60% of support desk inquiries, costing an estimated $15-70 per call – and customer validation. |
| MSSP services | 360-degree support
As an MSSP, we offer comprehensive end-to-end support for seamless evaluation, deployment, and ongoing assistance by:
|
| Technology | Minimal attack surface, no single point of failure
Our MFA solution employs advanced zero-knowledge proof of identity, ensuring a minimal trust surface and eliminating any single point of failure. Provides robust two-factor authentication, with the option of a software-only solution. |
| Data privacy | Zero information required
Our MFA solution does not require any Personally Identifiable Information (PII) from the end user. Instead, we only need a unique identifier, which may be a hash of a mobile number, email address, or username, thereby ensuring the solution’s adaptability to various identity schemes. |
The iGaming and online betting industry is constantly evolving, with new technologies and threats emerging regularly. Multi-factor authentication is an essential component of future-proofing betting and gaming platforms against these evolving risks. By integrating advanced authentication methods, iGaming and online sports betting operators can stay ahead of cyber threats and continuously protect their systems and players’ data.
Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with you to design and implement tailored MFA solutions that align with your regulatory requirements and business objectives.
To learn more about Continent 8’s MFA solution, contact Luana at luana.monje@continent8.com.
Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, explores the benefits of a cybersecurity checklist to safeguard your tribal gaming operations against emerging cyber threats and attacks.
Safeguarding your business can be daunting, and you might be asking yourself ‘where do I begin?’ To address this, we have prepared a cybersecurity checklist to help you identify possible weaknesses.
First, let us set the scene with the current state of play and why you need to prioritize cybersecurity in today’s world.
The tribal gaming industry is a vibrant and vital part of many Native American communities, providing not only entertainment but also significant economic benefits. However, this industry is increasingly falling under the crosshairs of sophisticated cybercriminals. These bad actors aim to disrupt operations, steal sensitive patron data and extort ransom payments. The stakes are high, with the potential impact extending beyond the casino floors to tribal governments, health services and community trust.
Cyber threats in tribal gaming are diverse and evolving. For example, ransomware attacks have become more prevalent, demonstrating a devastating capacity to bring operations to a standstill. A recent notable incident involved a ransomware attack that compromised all internet servers and data, with the attackers demanding up to $500,000 to restore services. These incidents highlight the urgent need for comprehensive cybersecurity measures tailored to the unique environment of tribal casinos.
The consequences of a cyber attack on a tribal casino can be far-reaching. Beyond the immediate financial losses and operational disruptions, there is a profound impact on the trust and confidence of the community. Patrons expect their personal and financial information to be secure, and any breach can lead to a significant erosion of trust.
To effectively combat cyber threats, tribal casinos need to adopt a multi-faceted cybersecurity strategy. This involves not just technological solutions but also organizational practices and policies. The foundation of such a strategy includes:
Continent 8, supported by our dedicated cybersecurity company, C8 Secure, is a trusted partner for tribal nations and gaming enterprises. Our cybersecurity services are tailored to meet the unique needs of tribal governments, regulators and casino operators.
Our capabilities include:
We are trusted by a diverse array of tribal gaming casinos and organizations, including ShowNation, Tachi Palace Casino Resort, among others.
Don’t wait for an incident to discover whether you’re vulnerable. By taking these proactive steps, tribal casinos can fortify their defenses, ensuring uninterrupted operations and maintaining the trust of their communities.
Secure your tribal gaming operations by accessing this detailed checklist.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
In the latest chapter of our Cultiv8 Employee Series, Jordan Holmes, Vice President of Human Resources at Continent 8 Technologies, sat down with Jason Magsoy, a Network Security Engineer based out of the Philippines.
Throughout the discussion, Jason shares insights into his professional journey, outlines his current networking responsibilities at Continent 8, discusses how he embodies the company’s culture and values and previews some of his forthcoming projects.
Hi Jason! Can you tell us a little but about yourself and your role as a Network Security Engineer at Continent 8?
I began my professional career in the IT industry in the Philippines and subsequently broadened my expertise while working in Saudi Arabia. I started from the ground up, initially running cables in ceilings, and progressively advanced to securing endpoints and networks.
At Continent 8, my responsibilities include configuring security solutions such as firewalls and maintaining a secure network for both Continent 8 and its customers. We consistently ensure that network security does not create bottlenecks by providing aggregated connections and redundant solutions.
How did you come to choose a career as a Network Security Engineer?
I was introduced to cybersecurity through firewalls, Network Detection and Response (NDR) and Endpoint Detection and Response (EDR) solutions without any prior experience, and I found network security to be incredibly fascinating. It ignited my passion for protecting devices from malicious entities. Achieving clear network traffic visibility and implementing the appropriate security solutions can significantly reduce the risk of intrusion by malicious actors.
What motivated you to join the Continent 8 team? What do you enjoy most about your job?
In my previous role, I was dedicated to configuring and safeguarding a single data centre and a limited network connection. The scope was quite narrow, and I felt my professional development was stalling. This realisation drove me to broaden my expertise in networking and security, ultimately leading me to Continent 8.
At Continent 8, I was introduced to an expansive network environment, secured by robust solutions and supported by a team of experts. I find my experience here highly rewarding, largely due to the team’s professionalism, expertise and approachability. Moreover, my time at Continent 8 has been marked by substantial personal and professional growth, which has been extremely gratifying.
Can you describe some of the challenges you face in your job position? How do you also stay up to date on the latest security/cybersecurity developments?
As a Network Security Engineer, I am part of a team dedicated to ensuring maximum network uptime for both Continent 8 and its customers. This is undoubtedly a significant responsibility, but one that I fully embrace, requiring constant vigilance and a meticulous approach.
To ensure I remain current, I am pursuing certifications related to the security solutions we employ and engaging in continuous education to stay informed about new and emerging features that could support our team’s objectives. Furthermore, I subscribe to Common Vulnerabilities and Exposures (CVE) sites to monitor new vulnerabilities pertinent to our solutions and implement necessary patches.
How do you align with Continent 8’s culture and values of Active Ownership, Purposeful Creativity and/or Genuine Care?
I align myself with Continent 8’s culture and values by actively fostering an environment of collaboration, mutual support and knowledge sharing to ensure everyone’s success. This is accomplished by upholding our team’s commitments, taking full responsibility of my role and caring for the people, company and our customers.
Any final thoughts?
Continent 8 has provided me with an incredible opportunity to pursue the work that I genuinely enjoy, providing me with a deep sense of fulfillment.
I would also like to express my sincere gratitude to the Network Security Team: Bruce Craig, Michael Freitas, Rodrigo Suzuki and Christian Temporado. Your exceptional support and leadership are truly appreciated.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the first quarter of the year and their implications for cybersecurity trends.
The first quarter of 2025 has revealed significant changes in the DDoS threat landscape, characterised by a substantial increase in attack frequency, the emergence of ‘carpet bombing’ techniques and growing trends targeting the iGaming sector. With attack methodologies evolving and becoming more sophisticated, this report provides critical insights for cybersecurity planning and threat mitigation.
The first quarter of 2025 has shown a noticeable increase in DDoS attack activity, with 161 attacks recorded. This represents a rise from 4Q 2024’s 138 attacks and a dramatic increase from 1Q 2024’s 58 attacks. The most active month was February, which continues to show vulnerability during winter months.
1Q 2025 showed the following patterns in attack intensity:
While individual attack sizes appear smaller compared to historical peaks (2Q 2023’s 560.6 Gbps), this represents a strategic shift rather than reduced threat capability. Intelligence indicates that attackers now possess capabilities exceeding 500 Gbps but are employing more targeted and distributed approaches that can bypass traditional detection mechanisms.
1Q 2025 has shown a marked increase in attacks specifically targeting the online gambling and casino sector, with intelligence indicating a 400% rise in attacks against these entities since February. This industry-specific targeting represents a prominent trend that requires specialised attention and defence mechanisms.
Key statistics for 1Q 2025:
On 26 February, a carpet-bombing incident targeted 53 networks within a short 6-minute window (03:41-03:47 UTC). While this attack peaked at 150 Gbps with 120 Mpps, its distributed nature allows it to circumvent traditional defence systems, potentially resulting in a significant customer impact.
Comparing 1Q 2025 with recent quarters reveals several trends:
This shows a clear trend of increasing attack volumes over the past three quarters, with a 372% increase from 3Q 2024 to 1Q 2025.
While individual attack volume metrics appear to show decreasing intensity, this is misleading as attacks are now distributed across multiple targets simultaneously, making traditional detection mechanisms less effective.
The number of affected customers has increased dramatically in 1Q 2025, indicating a broader targeting strategy. Of particular note is the observed ‘spray’ technique that targets entire network Classless Inter-Domain Routing (CIDR) blocks rather than individual IPs, affecting multiple customers simultaneously.
1Q 2025 has seen the emergence of carpet bombing or spray attacks that distribute traffic across multiple hosts within targeted IP ranges. These attacks:
Comparing 1Q 2025 to 1Q 2024 shows significant changes in the threat landscape:
Intelligence indicates a notable correlation between DDoS attacks and subsequent data breaches in the iGaming sector. 1Q 2025 has seen examples of multiple organisations experiencing what appears to be a new attack pattern:
Unlike traditional ransomware operations, these attacks show no ransom demands prior to data release, indicating a potential shift in threat actor motivations from financial gain to maximum disruption or competitive advantage.
The transition to carpet-bombing techniques represents a significant evolution in DDoS tactics. These attacks distribute traffic across multiple targets within a network range, using traffic volumes per target that stay below conventional detection thresholds.
Intelligence indicates a targeted campaign against the iGaming sector, with a 400% increase in attacks since February 2025.
The average attack duration has increased dramatically to 4.3 hours, with the longest attack lasting 54 hours. Short, intense attacks (3-6 minutes) are now frequently observed as reconnaissance to test defence capabilities before launching larger campaigns.
Intelligence suggests a rising trend of AI technology adoption by threat actors. Self-hosted AI tools are enabling more sophisticated and unpredictable attack patterns that traditional defence mechanisms struggle to detect. These AI-enhanced attacks show several characteristics:
Based on 1Q 2025 attack patterns, particularly the emergence of carpet-bombing techniques, the following defence strategies are recommended:
The increase in attack volumes and sophistication in 1Q 2025 indicates a significant evolution in the threat landscape. Organisations should prepare for:
The 26 February incident, which affected 53 networks within a 6-minute window, demonstrates the effectiveness of these new attack methodologies and highlights the need for enhanced detection and mitigation capabilities.
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Super Bowl LIX between the Philadelphia Eagles and the Kansas City Chiefs on February 9th, 2025, at the Caesars Superdome, was the eleventh Super Bowl to be held in New Orleans, and it was not the close affair we expected! In fact, the Eagles reached an insurmountable lead of 34 points before the Chiefs managed a first score. The event boasted record peak views of around 135 million, up from 124 million last year.
It was also a record-breaking 2025 in gambling terms, with significant growth in online betting compared to last year’s, reflecting the continued expansion of legal online sports betting in the US. An estimated $1.39 billion was gambled on Super Bowl LIX, up from $1.25 billion in legal bets for Super Bowl LVIII — a growth of about 11%. This figure marks the first time the American Gaming Association (AGA) based its estimate solely on legal wagers, unlike previous years that included illegal and casual bets, suggesting the actual increase in regulated online activity could be even higher as the market shifts toward legal channels.
This year also saw at least one $1m bet and a six-figure wager on the coin flip (tails by the way).
Continent 8 customer, FanDuel, reported record-breaking activity for Super Bowl LIX, with over 16.6 million bets placed by almost 3 million customers, a nearly 20% increase in bets from the 14 million recorded for LVIII (which totalled $307 million in wagers from 2.5 million users). In New York alone, a key online sports betting market, the Super Bowl LIX week saw a handle (total amount wagered) of over $557 million, with $155 million tied directly to the game, outpacing last year’s figures. FanDuel’s handle in New York for that week was $222.2 million, and DraftKings reported $193.9 million, both reflecting robust growth.
As the largest network, infrastructure and cybersecurity supplier to the US and global regulated iGaming market, Continent 8 can report its stats for Super Bowl LIX:
Continent 8 is no stranger to supporting high-traffic sporting contests. Whether it is annually for the Grand National or Cheltenham horse racing events in the UK and Ireland, the UEFA Champions League across Europe, March Madness in the US, or every four years for the UEFA Euro finals or FIFA World Cup, we know what it takes to ensure platform uptime.
As the partner of choice for iGaming and sports betting hosting, for both operators and suppliers alike, live in 31 US states, and supporting more than 90% of the largest brands in the marketplace (EGR US Power Rankings), we have the solutions and support systems in place that ultimately give companies the confidence they need to maximise the acquisition and retention opportunities these events present.
As standard for identified special sporting events, we:
In addition to this:
What’s key throughout is ensuring our customers are aware of all activity with notifications regularly sent such as internet and MPLS data, as well as average and maximum traffic in and out.
The Super Bowl is a huge event for sportsbooks, particularly now that the US has opened up online gambling (in varying capacity) in 31 states.
And after a very short amount of breathing space, we prepare for March Madness in the same vein!
Live in 31 states: Our expansion in the US began with a state-of-the-art data centre in Atlantic City, enabling customers to take advantage of the online sports betting market opportunities in New Jersey, while gaining immediate access to the Continent 8 global network. Today, we are live in 31 US states, with several new sites in the pipeline.
First-to-market: We have an aggressive strategy to ensure we are the first iGaming hosting provider in state, enabling our customers to capitalise on the fast-growing and competitive US iGaming and online sports betting market. Most recently, we went live in Missouri.
Regulated and compliant: We have vast regulatory experience and a dedicated compliance team, with strong regulator relationships across states, ensuring a complaint iGaming hosting solution for each.
Growing global team: We are a global team of 300+ specialists with a local presence – we ensure we have a team on the ground in the US to help you expand.
Learn more about our trusted solutions in the US here or contact the team via sales@continent8.com
The iGaming and online sports betting industry is facing unprecedented cybersecurity challenges, and multi-factor authentication (MFA) is becoming a crucial element for compliance and protection against cyber threats.
In this blog, Justin Cosnett, Chief Product Officer at Continent 8, will explore the cybersecurity landscape within iGaming, analyse the regulatory requirements for MFA in the US, discuss strategies for effectively navigating compliance while enhancing user experience and illustrate how passwordless MFA can be a game-changer in the iGaming industry.
In the rapidly expanding world of iGaming and online sports betting, cybersecurity has become a non-negotiable priority. As digital platforms proliferate, so do the threats aimed at them. Cyber criminals are constantly evolving their tactics, making it essential for operators to stay ahead of the curve. The stakes are high: a single breach can result in massive financial losses, reputational damage and erosion of customer trust.
Moreover, the nature of our industry, which involves real-time transactions and sensitive personal data, makes it an attractive target for cyber attacks. Implementing robust cybersecurity measures, including MFA, is not just about compliance; it’s about safeguarding the integrity of the gaming experience and protecting both the business and its players.
In the US, regulatory requirements for MFA vary by state.
Several regulated states have recognised the critical need for enhanced cybersecurity measures and have mandated the use of MFA for online gambling platforms. States such as Michigan, New Jersey and Pennsylvania are leading the charge – with others following suit – requiring operators to implement MFA to comply with state regulations.
These regulations are designed to protect consumers and ensure the integrity of the gaming environment. By requiring MFA, these states – and markets such as Brazil and Italy – aim to reduce the risk of unauthorised access and fraud, thereby fostering a safer and more trustworthy industry. Operators must stay informed about the regulatory landscape and ensure they meet all necessary requirements to avoid penalties and maintain their operating licenses.
Implementing MFA comes with its own set of challenges, particularly in balancing compliance with user experience. No operator wants to add friction to the login process, especially given the rise of live betting on mobile apps.
Statistics show that 20-30%* of users abandon login attempts due to friction caused by complex authentication processes. For iGaming and online sports betting operators, this can translate in a decrease in player engagement and potential profit losses of up to 20%*.
Businesses must navigate the tightrope of stringent regulatory compliance while ensuring a seamless and enjoyable user experience. This often involves investing in advanced MFA solutions that offer robust security without compromising on convenience.
Continent 8, in partnership with MIRACL, offers a cutting-edge passwordless MFA solution that addresses both security and user experience challenges. MIRACL’s technology eliminates the need for traditional passwords, replacing them with a single-step authentication process that is both secure and user-friendly.
Key statistics underscore the effectiveness of this solution: a 99.9% reduction in account takeovers, a 70% decrease in user login friction and a significant increase in user satisfaction and retention rates. By leveraging MIRACL’s passwordless authentication, operators can provide a seamless and secure login experience that meets regulatory requirements and enhances customer loyalty.
Quick. Easy. Successful.
Continent 8 is committed to supporting businesses in the iGaming and online sports betting industry with their cybersecurity needs. Our team of experts works closely with customers to design and implement a tailored MFA solution that align with regulatory requirements and business objectives.
Trust Continent 8 to be your partner in navigating the complexities of cybersecurity and regulatory compliance in the gambling industry.
Are you compliant? Are you losing players at login? Are you missing out on revenue? See a live demo of our MFA solution on our rapid-fire webinar, ‘Passwordless MFA:
Improve player login and maximise profit potential’ hosted by Justin on Monday 10 March. Register here.
Craig Lusher from our Secure team provides a comprehensive analysis of the latest Distributed Denial of Service (DDoS) statistics from the fourth quarter of the year and their implications for cybersecurity trends.
The fourth quarter of 2024 marked a significant shift in DDoS attack patterns, with 138 recorded incidents. This represents a substantial increase from 3Q’s 37 attacks, though remaining well below historical peaks like 2Q 2023’s 1,106 attacks. October emerged as the most active month, aligning with historical patterns of increased 4Q activity.
This is a trend not just at Continent 8. In fact, 4Q also happened to see the largest DDoS attack ever recorded, with Cloudflare mitigating a 5.6 (Terabits per second) Tbps Mirai-variant botnet attack on one of their customers on October 29.
4Q 2024 demonstrated interesting patterns in attack intensity:
This quarter’s largest attack of 13.4 Gbps represents a decrease from 3Q 2024’s peak of 37.0 Gbps. For perspective, this is dramatically lower than 4Q 2023’s peak of 412.9 Gbps, indicating a significant shift in attack methodologies.
Key statistics for 4Q 2024:
Key statistics for 4Q 2024:
Comparing 4Q 2024 with recent quarters reveals several interesting trends:
This shows a significant escalation in attack frequency during 4Q.
While attack frequency increased, intensity continued to decrease throughout the year.
The decrease in affected customers coupled with the dramatic increase in attacks per customer suggests a shift toward more targeted campaigns.
Comparing 4Q 2024 to 4Q 2023 shows significant changes in the threat landscape:
The higher volume but lower intensity of attacks suggests a fundamental shift in attacker strategies, focusing on persistent, lower-threshold campaigns rather than high-impact events.
The concentration of attacks on fewer customers, with more attacks per target, indicates a move toward more sophisticated, focused operations.
The shorter average attack duration (17.6 minutes) combined with increased frequency suggests a tactical shift toward ‘pulse’ style attacks rather than sustained campaigns.
While individual attack intensities have decreased significantly year-over-year, the dramatic increase in frequency and focus on specific targets suggests an evolution in threat actors’ strategies. The pattern of increased 4Q activity appears to be holding true, though manifesting differently than in previous years.
Organisations should prepare for:
Our best-in-class DDoS solution continues to evolve and in recent months we have amplified our scrubbing capacity to 5+ Tbps, as well as increased our scrubbing centres geographically deployed across multiple continents. Locations include Los Angeles, Chicago, New York, Miami, London, Amsterdam, Frankfurt, Singapore, Hong Kong and Sao Paulo.
Key features of our mitigation solution:
DDoS protection should also form part of a wider, multi-layered approach to cybersecurity. A 360-degree, end-to-end protection strategy should include DDoS mitigation solution as well as WAF/WAAP protection, MDR/EDR services, SIEM and SOC resources, VAPT assessments, backup solutions, and mobile device, phishing defence and MFA services.
This is the only way to have multiple protections in place for each attack type and to ensure the greatest level of resilience.
To learn more about how Continent 8 can help protect your organisation, contact a member of the team via sales@continent8.com or our Contact Us form.
Jerad Swimmer, Regional Sales Director at Continent 8 Technologies, explores the benefits of Vulnerability Assessment and Penetration Testing (VAPT).
Tribal casinos are experiencing substantial financial growth. As highlighted in my previous blog, 2023 was a landmark year for the tribal gaming sector, with revenues hitting a record $41.9 billion USD, as reported by the National Indian Gaming Commission. Consequently, tribal casinos are increasingly targeted by cybercriminals, with reports suggesting a nearly 60% increase in cyber attacks on tribes in 2023.
With significant financial and personal data at stake, cybersecurity in tribal gaming and casino environments is a critical priority. But where should you start? In this blog, I’ll explain why Vulnerability Assessment and Penetration Testing (VAPT) is the perfect first step to bolster tribal gaming cybersecurity.
Let’s begin by defining VAPT. Craig Lusher, our Product Principal of Secure Solutions, describes VAPT as the following:
“VAPT is defined as a comprehensive set of cybersecurity services that helps organizations identify, assess and mitigate vulnerabilities in their IT infrastructure, applications and networks. Periodic Vulnerability Assessments (VAs) scan to detect exploitable vulnerabilities in customer networks and infrastructure and record them in a register, prioritizing remedial work and demonstrating continuous improvement. Penetration Tests (PTs) use identified vulnerabilities to further exploit and gain access, testing the efficacy of preventative security measures, procedures and technology.”
By simulating real-world cyber attacks, pentesting enables tribal casino IT and cybersecurity teams to identify system weaknesses and address potential vulnerabilities before they can be exploited by malicious actors. This strategy not only strengthens the casino environment but also ensures that cybersecurity measures remain robust and adaptable to evolving threats.
VAPT aims to establish what we at Continent 8 call a “hardened cybersecurity posture.”
A hardened cybersecurity posture integrates multiple protective layers, adhering to best practices for adaptability to threats and changes. It begins with technical controls such as network segmentation, access management and encryption, complemented by active defenses including web application and API protection, intrusion detection and cybersecurity monitoring. This approach is guided by policies and procedures for incident response and risk management.
The core components of a hardened cybersecurity posture create a robust defense system. Technical controls prevent attacks, while monitoring systems identify threats. Regular assessments are conducted to uncover vulnerabilities and governance ensures consistent implementation. This comprehensive approach ensures that even if one safeguard fails, multiple other layers remain to protect assets.
Implementing VAPT protocols is a beneficial practice for any tribal gaming organization. These measures not only bolster cybersecurity but also streamline internal and external audits.
By maintaining detailed records of testing and remediation efforts, casinos can demonstrate their commitment to cybersecurity to auditors. This transparency not only aids in passing audits but also enhances the casino’s reputation as a reliable and secure establishment.
Regular penetration testing provides tribal casinos with ongoing monitoring and enhancement of cybersecurity protocols, helping them stay ahead of potential cyber threats. This ensures a safer and more secure environment for both operations and players, while also building trust with internal and external parties and stakeholders. This proactive approach, again, is vital in preserving the casino’s integrity and reputation.
When choosing penetration testing tools for tribal casino and gaming cybersecurity, select tools that offer comprehensive coverage, capable of evaluating a wide range of vulnerabilities across multiple systems and applications.
A comprehensive VAPT service should encompass the following:
For more information on VAPT or to book a meeting with me at TribalHub Cybersecurity Summit or the Indian Game Tradeshow (Booth 18), contact me at jerad.swimmer@continent8.com.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your tribal organization’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent.com or fill out our Contact Us page.
Also, be sure to watch the latest episode in our Tribal Talks: Cybersecurity Unlocked podcast series – also available on Spotify – to gain a deeper understanding of the technological advancements, cybersecurity challenges and best practices shaping tribal gaming landscape.
In the latest chapter of our Cultiv8 Employee Series, Jordan Holmes, Vice President of Human Resources at Continent 8 Technologies, sat down with Charlotte Barham, our Senior Manager, Group Controller located in the Isle of Man.
Throughout their conversation, Charlotte expressed her passion for numbers, her eagerness to embrace new challenges and the profound impact that Genuine Care and respect in the workplace can have in nurturing both individual and team success.
Hi Charlotte! Can you tell us a little but about yourself and your role as the Senior Manager, Group Controller at Continent 8?
Of course! I am a number-loving, hardworking, ambitious accountant with an extremely positive attitude (most of the time). I hate describing myself as an accountant as being labelled or ‘put in a box’ is a pet peeve of mine!
Born and raised on the Isle of Man, I have two step children, two dogs and a passion for staying active, making delicious food and taking on challenges, which you may have grasped already. I am thrilled to have joined Continent 8 last year as a Group Controller, where I am responsible for the production of financial reporting for all of our Group companies.
How did you come to choose a career as a Controller?
As a teenager, I was unsure of my career path but had a strong affinity for numbers, making accountancy a natural choice.
I loved the training aspect – the feeling when you passed exams and got a step closer to the goal was infectious. I finished second in the world in the year I qualified, which just shows you my enthusiasm for the field.
Upon graduation, I went from practice to industry, life assurance, and most recently, into a tech start-up. This is where I became captivated by this industry, and the opportunity at Continent 8 was one I couldn’t pass up.
What attracted you to the role and to joining the Continent 8 team? What do you enjoy most about your job?
It was the chance to really learn and be challenged again, both from a technical accountancy perspective and from working in a different environment/industry.
I love the intensity of the role, the variety of work and the amazingly supportive and equally talented people you get to meet and work with.
Can you describe some of the challenges you face as a Group Controller? How do you also stay up to date on the latest monitoring best practices and developments?
Reflecting on my first few months, the challenges really come down to the ability to support the growth of the business from a financial reporting perspective. We are making great progress in delivering timely reporting and working on continuous process improvement which will enable us to keep pace with the growth going forward.
Other challenges come from supporting the growing number of new jurisdictions and the complexities that they bring, such as recent experiences in Brazil and the Philippines in understanding tax legislation and how global businesses operate in those locations. Our own research and working with great third-party advisers ensure we are prepared and well-informed.
How do you align with Continent 8’s culture and values of Active Ownership, Purposeful Creativity and/or Genuine Care?
I believe I align well, which was a big consideration in my decision to join Continent 8. I am a huge believer that if you look after your people they will look after you. We are a service business in the tech sector, and we cannot be successful without having talented and hardworking people – Continent 8 is clearly full of them. Genuine Care and respect to people are important to me, and I strive to bring empathy, recognition and feedback to my team and colleagues daily.
Can you talk through some of the new initiatives you are or will be working on?
While ensuring the continuation of our current financial reporting projects and programmes, I’d like us to become more proactive. This includes automating and finding efficiencies in every aspect of finance!
And of course, I’ll be supporting the setup of all things finance-related in Brazil and the Philippines.
Any final thoughts?
I just wanted to say a huge thank you for the warm welcome I have had at Continent 8. I am loving it so far – my head has never been so full of new information!
With the rapid evolution of technology, robust cybersecurity is vital for enterprises to protect sensitive information and systems from a range of cyber threats, including hacking, data breaches and malware attacks. As technology advances, so do the methods used by cyber criminals, necessitating the implementation of protective cybersecurity measures.
In this blog, Craig Lusher, Product Principal of Secure Solutions at Continent 8 Technologies, explores how Security Information and Event Management (SIEM) platforms and Security Operations Centres (SOCs) allow organisations to adapt to emerging threats, maintain a robust cybersecurity posture and meet regulatory compliance.
SIEM solutions consolidate security monitoring across an organisation’s diverse technology stack, enabling SOC engineers to detect and respond to threats through a unified management interface. SIEM solutions serve as the central hub of an organisation’s security system, collecting and normalising security logs and events from various IT sources including network devices, servers and security systems. They provide a central register for all security events and logs, performing event correlation, threat enrichment and analysis, filtering out informational events and promoting true security events and threats, helping organisations protect their systems from attacks and breaches.
A SOC, or Managed Security Operations Centre (MSOC), such as those offered by Continent 8 and C8 Secure, is a dedicated team that focuses on safeguarding the company’s systems from security threats. Utilising various tools, such as a SIEM system, they watch over the company’s computer systems, spot any problems or attacks and respond to them quickly. The SOC functions as a cybersecurity team, ensuring everything is running smoothly and securely.
SIEM systems are integral in SOC cybersecurity, offering SOC teams with a holistic view of their cybersecurity events.
To begin, the SIEM system correlates and analyses the aggregated security data from internal sources and external threat intelligence to identify any unusual or suspicious activities that could indicate a potential security issue. Upon detection, it promptly alerts the SOC team, enabling them to address the issue swiftly.
In the event of an incident, the SIEM system provides comprehensive information that assists SOC analysts in understanding the nature and severity of the threat. This insight aids in effective response and helps prevent future occurrences.
Additionally, SIEM systems support compliance efforts by generating reports and maintaining logs that demonstrate the organisation’s adherence to necessary regulations. These systems are indispensable for managing security incidents and events, facilitating efficient monitoring, detection and management of security challenges by SOC teams.
Operating a SOC without a SIEM system would be quite challenging. A SIEM system provides the centralised tool required to gather and interpret security data, which is crucial for effectively preventing, detecting, investigating and responding to threats. While a SOC might use other tools and methods, SIEM systems are integral for streamlining these processes and ensuring comprehensive cybersecurity management. SIEM systems employ advanced analytics and automation to filter and prioritise security alerts, preventing the cognitive overload, or alert fatigue, that occurs when SOC engineers manually process a constant barrage of security logs. This intelligent filtering not only reduces the risk of human error and missed security events but also optimises operational costs by allowing SOC engineers to focus their expertise on critical threat analysis and incident response rather than routine log review. The result is more efficient resource allocation and enhanced security effectiveness.
A successful SIEM and SOC strategy begins with defining clear objectives and goals for each system. Essential components of effective SIEM and SOC strategies include:
Continent 8 offers a comprehensive SIEM and Managed SOC solution that addresses critical cybersecurity challenges. This platform provides centralised visibility of your entire infrastructure, coupled with 24/7 expert monitoring and rapid threat detection and response, ensuring regulatory compliance while allowing maintaining a robust cybersecurity posture.
Our SIEM and MSOC solution consists of the following key service components:
Continent 8’s SIEM platform is a comprehensive, multi-tenant solution that gathers and correlates security data across a customer’s infrastructure. Enhanced by AI-driven SOAR and correlation capabilities with integrated threat intelligence tools, it delivers advanced analytics and automated incident response workflows. The platform is built for high performance, scalability and real-time threat detection, ensuring rapid identification and resolution of security incidents.
Continent 8’s MSOC solution is a fully managed, multi-tenant service offering real-time security monitoring and incident response for customers. Following the NIST framework, it leverages our sophisticated SIEM platform to collect and analyse security alerts, offering customers actionable insights and remediation strategies through tailored playbooks. By outsourcing security operations to Managed Security Service Providers (MSSPs) such as Continent 8, customers can focus on their core business while benefiting from the expertise of Continent 8’s 24/7/365 global SOC team.
Continent 8’s Sentinel managed device is deployed within the customer’s network, aggregating logs and events from various systems, normalising them and preparing the data for secure transmission to the SIEM. It utilises encryption to ensure data integrity and privacy, compressing and deduplicating data to optimise performance. Sentinel enhances security visibility by enabling seamless data collection and forwarding.
Continent 8’s Incident Response System integrates directly into Continent 8’s SIEM to streamline incident response processes. It provides a centralised platform for managing and tracking security incidents from detection to resolution, with built-in automation for workflows and playbooks. By enabling collaborative responses and providing real-time data sharing, it significantly improves incident resolution times while enhancing post-incident analysis and reporting.
Continent 8’s Cyber Threat Intelligence Service serves as a structured repository for aggregating, analysing and sharing cyber threat intelligence. It allows organisations to collect data on threats, actors and campaigns, helping security teams anticipate and mitigate potential attacks. Through its powerful visualisation tools, the service enhances situational awareness and enables proactive threat detection.
Continent 8’s Security Orchestration and Automated Response (SOAR) tool, implemented within Continent 8’s SIEM, provides a no-code automation platform for orchestrating and automating security workflows. Its drag-and-drop interface simplifies the creation of complex incident response processes, reducing manual effort and improving efficiency. With pre-built templates and over 2,000 app integrations, it enables quick deployment of automated responses, ensuring consistent handling of security incidents.
Continent 8’s Threat Analysers and Responders are automation tools integrated into Continent 8’s SIEM that enrich security events with threat intelligence from multiple sources. With over 100 analysers, they provide critical context for observables such as IPs and URLs, supporting faster decision-making during investigations. These tools enhance threat detection and response by simplifying data analysis and improving the quality of incident responses.
Continent 8’s Intrusion Detection System (IDS), combined with our proprietary Continent 8 Sentinel platform, provides advanced network security monitoring, threat detection and response capabilities, delivering unparalleled visibility and security throughout your entire network infrastructure.
SIEM and MSOC services deliver significant cybersecurity enhancements through real-time monitoring, detection and response. This proactive approach aids in the early identification and mitigation of threats by collecting, analysing and correlating data from across a customer’s network with other ongoing security events. Collaborating with MSSPs also guarantees access to a dedicated team of SIEM and MSOC specialists who work closely with your IT team, providing playbooks and optimal risk mitigation strategies to address specific exploits or vulnerabilities, thereby ensuring optimal cybersecurity posture.
Continent 8 provides comprehensive, multi-layered threat prevention, detection and response solutions to secure your organisation’s digital assets in the face of evolving cyber threats. For more information on how Continent 8 can support your cybersecurity initiatives, email sales@continent8.com or fill out our Contact Us page.