As the world continues to be a complex place of interdependent elements with black swans ever more common, lottery professionals from all corners of the world tuned in over the course of two days to hear testimonies and learnings on the topic in the EL WLA Security and Operational Risk Management webinar 2022 entitled “Expect the Unexpected: Black Swans in Security & Risk Management”.
Opening the webinar was a keynote speaker Alexandre Pluvinage, Head of Fraud and Online Security Awareness at the ING Belgium who shared experiences from the banking sector. Most companies – especially the bigger ones – have a cybersecurity awareness plan, but a lot of them fail on employee cybersecurity engagement. Pluvinage shared why, in his opinion, this is not working and what should be done to change that, introducing new ways of making employees secure by not training them yourself and having them take a more proactive role in creating awareness campaigns and sharing them among colleagues.
Gunnar Ewald, Chief Audit Executive/VP, LOTTO Hamburg, Germany gave the now already traditional update of lottery security incidents across the world. Of special interest was the case of the Mexico National Lottery, with Ewald highlighting ransomware as one of the major security threats for lotteries nowadays.
The first roundtable of the webinar gathered experts from the lotteries covering security incidents from the whole spectrum of IT to physical. Heini Roosimägi, Risk and Compliance Officer, AS Eesti Loto, Estonia explained how COVID-19 led the Estonian lottery to a more open security model and reflected on the future difficulties ahead, such as the energy crisis. Krisztián Pállai, Head of Information Security and Audit Department, Szerencsejatek, Hungary described the impact the increased influx of refugees has had on lottery shops in the country’s border areas and how the Hungarian lottery dealt with this. South Africa faced extended hours at a time with no electricity which has already had a huge impact on sales – as stores were unable to trade – and major losses for the economy. If power cuts result in rolling black outs, this will have crippling effects, said Michelle van Trotsenburg, Head Marketing Corporate Affairs, ITHUBA South Africa. Speaking on behalf of Yeo Teck Guan, Chief Business Technology Officer, Singapore Pools Ltd, Mr Allan Tay, Deputy Director, IT Security described how COVID-19 has changed the way Singapore Pools work and how the digitalization journey they started back in 2016 has helped them during this pandemic. Finally, Janez Ravas, IT Director, Športna loterija, Slovenia said that all types of cyber threats on his lottery’s IT infrastructure have grown noticeably.
Second day opened with welcome addresses by Jesus Huerta Almendro, CEO of SELAE, Spain and Supervisory Chair of the EL’s Operational Risk and Assurance Working Group (ORA) & Dato Lawrence Lim Swee Lin, CEO, Magnum Corporation Sdn Bhd, Malaysia and the Chair of the WLA Security and Risk Management Committee (SRMC).
A roundtable composed of members of both ORA and SRMC followed, giving an insight into how the two associations can support the lottery community.
Speaking on behalf of the WLA’s SRMC, Jo McLennan, General Manager, Customer Care & Operational Risk, The Lottery Corporation, Australia, gave an update on the work undertaken to date including the development of a risk register – Enterprise Risk Management Report, WLA Risk Register, WLA wiki – and future plans to develop risk guidelines and drive knowledge sharing on risk related matters with the WLA community. She invited all WLA members to take a look at the WLA Risk Register in particular and share any feedback on how it could be improved.
The virtual floor was then taken by José Luis Sánchez Fernández, Head of CSR, SELAE, Spain, Executive Chair of EL’s ORA who spoke of Risk Reference Cards, intended to provide information to EL members on how a specific operational risk might be governed and managed, covering the establishment of the desired end state and progress plan, as well as the self evaluation of situation and evolution. Different methodologies, standards and tools included in each Card represent a variety of practices and approaches from which EL members can choose those most suitable for their specific situation and objectives. A risk guide for non-experts is still work in progress, in order to make sure everyone can have a good understanding of risks.
David Boda, Chief Information Security Officer, Camelot UK Lotteries Ltd., closed with yet another example of a black swan event in the lottery industry based around a cyber attack and how WLA Security Control Standard can help a lottery to prevent, detect and respond to such events.
The final roundtable of the webinar with lottery suppliers was facilitated by Ray Bates, EL Honorary President.
Marcos Luz, Manager, Information Security, IGT, spoke of examples when IGT supported lotteries in cases of ransomware, credential stuffing, DdoS attacks and incorrect results being displayed, but also of the importance of IGT’s own security rating. Kevin Lyons, Senior Director of Compliance and Security, Scientific Games shared an amazing account of recovering the Puerto Rico Lottery after the Hurricane Irma and Hurricane Maria hit in September 2017, while Pall Palsson, VP, Product, Gaming Solutions, Product Management, Pollard Digital Solutions, explained how technology can support addressing the unpredictable through detection, mitigation and prevention.
Despite foresight being contrary to the very principle of black swans, lotteries may be able to ensure they are quick at identifying them in a timely manner and to act proactively to their consequences. Instead of trying to anticipate black swans, lotteries should reduce their vulnerability to them.
The webinar was moderated by Arjan van ‘t Veer, EL Secretary General and Antoinette Price, WLA Communication Coordinator.