IGSA forms new committee to set casino cybersecurity standards following MGM, Caesars attacks

The International Gaming Standards Association (IGSA) has set up a Cyber Resiliency Committee (CRC) to create standards for cyber risk management, cybersecurity governance, and framework control standards for casino operators and their ecosystem.

The formation of this committee closely follows concentrated cyber attacks on casino giants MGM Resorts International and Caesars Entertainment Inc. The new committee is supported by Aristocrat Technologies, Light & Wonder and AXES.ai.

“It is very inspiring to see IGSA Platinum and Gold members come together rapidly to address the alarming rate of increase of cybersecurity issues in our industry,” Earle G. Hall, Chairman of IGSA and CEO of AXES.ai, said.

Our members are clear that cybersecurity has to be a top priority for all gaming suppliers in our industry to protect operators and our industry at large. A sincere thank you to Aristocrat Technologies and Light & Wonder for stepping up to lead this initiative to improve our industry.”

IGSA is an organization responsible for establishing and maintaining global standards and protocols in the gaming and casino industry. Its latest effort follows a cyber attack on MGM, initially detected on September 10, which caused significant disruption across its casinos in the United States, impacting the company’s websites, reservation system, and certain slot machines. The FBI is currently investigating the incident.

For its part, Caesars, which officially confirmed this month that a breach may have resulted in the exposure of sensitive information, has reportedly paid approximately half of a $30 million ransom demanded by hackers. 

“IGSA is being called to lead a concerted effort to create cyber standards to protect our industry and that is exactly what we will do thanks to the incredible leadership within our Platinum and Gold members,” Peter DeRaedt, President of IGSA, said.

This committee will solicit experts within our membership to create ready-to-use standards to improve cyber resilience. We are grateful that our Chairman, Earle G. Hall, has volunteered to act as interim chair, to lead this committee that we anticipate will offer much-needed guidance and support to our industry.”

The group believed to be behind the MGM and Caesars attacks, known as Scattered Spider, reportedly also breached the security of three additional companies in the manufacturing, retail, and technology sectors. Also known as UNC3944, the cybercriminal group is composed of hackers primarily based in the United States and the United Kingdom.