Recent cyberattacks at MGM Resorts and Caesars Entertainment have put the spotlight on cybersecurity practices at casinos \u2013 and the importance of educating employees on social engineering tactics.\n\nWith the CSO50 Conference + Awards coming to the We-Ko-Pa Casino Resort in Fort McDowell, Arizona, October 2-4, we asked Bill Tsoukatos, Information Technology Director at Fort McDowell Enterprises, which owns the resort, to tell us what it\u2019s like to manage IT security at a casino property. Read on for his thoughts on AI, zero trust, and more.\n\nHow has the job of a casino security leader changed as games have become digitalized?\n\nInterconnectivity of gaming systems have physically transitioned from serial-based connectivity to Ethernet-based standards over the years, allowing potential hackers easier access to the gaming and\/or corporate network. Physical security of the Ethernet\/fiber cabling, along with the switch hardware interconnecting today\u2019s casino floors, has become a much bigger focus of IT security teams as direct physical access can often be the starting point for unauthorized access. At the same time, gaming systems have become built around large player databases requiring layers of network and application security to prevent data breaches or loss.\n\nWhat\u2019s on your data dashboard as the most important metrics?\n\nFrom an IT security perspective, dashboards of the past were traditionally used to indicate metrics like system status (i.e., online, offline) or uptime; however, the most important metrics today are those that indicate abnormal trends or indications of compromise. Today\u2019s networks are often evaluated for baseline trends and performance, typical traffic patterns and flows, and similar metrics defining \u201cnormal\u201d behavior. IT security teams want to be notified of any abnormal behavior to evaluate and potentially mitigate any potential threats or attacks as quickly as possible.\n\nHow do you defend the casino against attacks such as breaches, ransomware, or insider threats?\n\nIt really takes a layered or multi-tiered approach to IT security to protect against cyberattacks from the use of traditional tools like firewalls, endpoint protection, patch management, web filtering, and backups to more advanced tools like two-factor authentication, point-in-time disaster recovery applications, and air gap\/immutable backup solutions. As learned from recent cyberattacks, user education has become a critical component to protecting against these threats as well. Educating end users on how to detect a phishing scam or social engineering tactics may be the most important element in mitigating most cybersecurity events.\n\nWhat emerging technologies are you most excited about?\n\nFrom a gaming perspective, I am most excited about some of the cashless gaming solutions I\u2019ve seen. For example, being able to move from slot machine to slot machine using a digital wallet stored on your phone. From an IT security perspective, I am most excited about the zero trust framework and how the concepts behind it are helping technology professionals worldwide build a more secure network and application infrastructure. From a general IT perspective, I am most excited about the emerging use of AI and how it may be leveraged to automate certain tasks, increase productivity, and improve service to our guests. It\u2019s already pretty good at helping with math homework.\n\nDon\u2019t miss out \u2013 register now for the CSO50 Conference + Awards, happening October 2-4.