Macau | Casino hotels cybersecurity policy needs be constantly adapting – Security expert

Macau (MNA) – Cryptography and security expert, Cédric Jeannot, has told Macau News Agency (MNA) that like any large commercial company, local hotel and gaming operators face data hacking risks and need to make sure they have a long-term cybersecurity strategy while constantly adapting to cover all possible hacking entry points.

Although believing that the ban on online gambling in Macau reduces the risk of possible hacking, Mr. Jeannot considered that, like banks, gaming companies have a constant and considerable stream of data on its properties’ staff, customers, and on the amount of money being spent and gambled – information that can be accessed and used illicitly.

“There is also competitive intelligence, a casino wanting to know what the other one is doing. There are so many actors that when you develop a security system you have to get it 100 per cent right,” the security expert indicated.

The fact that several integrated resorts in town provide free Wi-Fi could also create difficulties filtering and accessing who is connected to the property network.

“Those hotels are very large. If you have a public Wi-Fi and tens of thousands of people are logging in to the internet, filtering that traffic is very hard because the volume is large, so you need specific technology,” the cybersecurity businessman told MNA.

The founder and CEO of security company APrivacy Ltd., Mr. Jeannot made the comments after a talk organised by the France Macau Chamber of Commerce (FMCC) on preventing hacking activity.

When asked what should be the role of the Macau SAR Government in preventing cyber attacks to residents and companies and if the recent proposal for implementing a local Cybersecurity Law could really increase local security, Mr. Jeannot said that, like most legislation, it all boils down to execution.

“Governments have a specific role, to protect the citizens, so that they will look at it in terms of how can they do the best for the people. Creating a law is fine. The problem is how you actually implement it. Let’s say it indicates that all data has to be encrypted. That’s cool but practically can we actually do that?,” he added.

The security expert also considered that with governments having generally a limited amount of budget and tech savvy talent, local cybersecurity would probably have to be effected through a private and public partnership.

Another issue – common for either the public or private sector – is the procurement for implementing cybersecurity measures, since the long time needed for procuring, finding and implement it could mean that by the time of implementation that solution is already outdated in the fast moving world of cyberthreats.

“We advise to take a long time ]before establishing a partnership with a cybersecurity company] but then we have to look at maybe 10 years of partnership, with dedicated people to do your security. You need to adapt and you need to be realistic that cybersecurity is always moving very rapidly,” Mr. Jeannot noted.

With some companies preferring to use on-site data banks to store their data instead of trusting the data to cloud platforms, the expert also believes that the latter option is the best.

“Cloud technology has evolved so fast that the security of some cloud providers is far better than anything someone can do on their own. They have the expertise and its their core business. They also have a global view, having so much data on their clients that they can predict an attack and block it before it arrives,” Mr. Jeannot indicated.

“It’s psychological that when people put data on cloud they feel like they don’t own it anymore or lose the control, which is really the perception but not really true,” he claimed.