Donald Tabone, Chief Information Security Officer at Betsson, warned that humans must remain in control of AI adoption, as high-risk industries adapt to a whole new dimension of threats.
How much do you believe that AI has evolved the importance of flexibility when it comes to cybersecurity?
AI has brought a completely new dimension to threats. Whilst we always knew that some of the weakest links in security are people and technical systems, AI has accelerated the exploitation of technical weaknesses and perfected social engineering attacks.
The result is a significantly increased wave of attacks that are harder for any system or human to catch, forcing security teams to adapt fast with AI-powered countermeasures. So AI has changed the landscape of security defence so much that the importance of flexibility has become astronomical.
How can we ensure the increased adoption of AI and automation doesn’t create more vulnerabilities than we’re solving?
Humans need to remain in control of the adoption of AI and automation controls. That means establishing guardrails. If we depend and trust AI too much, we could unintentionally expose ourselves to more vulnerabilities rather than resolving issues. Human verification is still very important, as we know AI systems are far from perfect and are not yet fully trustworthy.
What can be done to ensure efficiency around reporting on potential threats and incidents?
AI is very good at detecting potential threat patterns, paths and incidents. In complex environments, it can often outperform humans. What it sometimes lacks is context, but AI systems are getting better at this every day. As they become better, they should also help humans prioritise the remediation of threats.
Has it become increasingly crucial to break down internal barriers to respond rapidly to potential cybersecurity threats?
Yes, it is absolutely crucial. Just as AI tools are being used en masse for offensive reasons, the increased adoption of AI tools to help with detection and mitigation becomes essential.
Phishing, DDoS, and data breaches have dominated wider headlines around fraud – how are these attacks evolving specifically in the gambling sector?
These attacks have always existed, but they have evolved as AI has enabled perpetrators to conduct impersonation attacks by cloning voices and signatures with the intention of targeting employees through spear-phishing attacks.
We know that these attacks are much more complex than before, using emotion and timing to get the maximum benefit. When coupled with AI, the opportunities to con people in a fast-moving environment like the gaming sector become particularly attractive to attackers.
As margins are tightened, how much of a competitive advantage has cybersecurity become for gambling operators?
Security has always been important for gambling operators as it protects what creates value, as well as players’ interests. Trust is a fundamental component of player retention and if a player feels safe, then they continue gaming.
Regardless of margins, protecting what creates value allows businesses to achieve their strategic objectives without unwanted human behaviour or disruption. So, yes, indirectly, the absence of security issues allows the business to thrive, creating a silent but increasingly important competitive edge.
What will the biggest cyber threat to gambling operators look like in the next three years?
Difficult to say as three years is a long time – but at the current pace I think we have multiple things on the table that could take pole position. Some of them would be:
- Mass adoption of AI systems for malicious purposes,
- Post-quantum cryptography challenges,
- Geopolitical tensions,
- Increasingly fragmented cybersecurity legislation,
- Fragmented jurisdictional requirements,
- Weak governance structures when it comes to the adoption of AI and automation tools.
The time to take security for granted is over. Unless security becomes a priority and a quality characteristic of any product or service, weaknesses will be exploited faster than ever. This makes it essential that organisations remain firmly in control of how AI is adopted and governed.
Tabone will be speaking at the SBC Summit in Malta about the changing dynamics of cybersecurity. To find out more about the event and to secure a place in Malta – click here.
