Blog

Evolving artificial intelligence and ensuring security for lotteries

Quick navigation
Security and risk management

The last WLA and European Lotteries joint Security and Operational Risks Seminar held at the end of 2024 in Marseille, France covered the theme New Threats and Opportunities: Evolving AI and Security Risks.

Organized with the support of Groupe FDJ and moderated by Fabien Marechal, International CISO, at Groupe FDJ, and member of WLA SRMC Technical Working Group Vice Chair, the two-day event gathered experts from the global regulated lotteries for security and risk management, and other industries, who examined artificial intelligence technologies and the opportunities and threats they bring to security operations.

Highlights from the seminar

The WLA Security Risk Management Committee

WLA Security Control Standard (WLA SCS:2024)

Over the last two years the WLA SRMC TWG worked to update the Standard which was approved and released in October 2024 in English, French, German and Spanish. It provides a high level of assurance on security and integrity for lottery, video lottery, sports and esports betting operators, as well as their suppliers, with the direct involvement of stakeholders in the drafting process.

Fabien Marechal ran through the key updates including terminology and definitions, consolidation and reorganization of the standard’s controls, to provide users with greater clarity. He also explained the transition rules to the WLA SCS:2024.

Access the standard at the WLA publications hub.

Risk management

Nicodemo Baffa Director of Risk Management, IGT Lottery, Italy, and a member of the SRMC Task Force 2 for Risk Management, highlighted important work by the Task Force to provide members with tools and guidance for their own risk management approaches including:

  • Updated Lottery Risk Register with new emergingrisks
  • Identification and evaluation of top risks
  • Definition of first round of risk profiles fortop risk

Learning from others

From the US to Europe and Asia, lotteries, suppliers and gaming operators were affected by attacks and scams. Lessons learned from such instances, help our global community to enhance security and risk management measures.

Gunnar Ewald, Chief Audit Executive, LOTTO Hamburg GmbH and member of the WLA SRMC Task Force 3 for Certification and auditors, provided an in-depth round up of 10 cases that occurred in 2024 detailing the types of attacks and some of the actions taken.

Tackling AI risks

On tackling AI and cyber security, Martin Descazeaux, Senior Manager, Wavestone, France, noted that there were three key areas:

  • Securing AI systems against cyber threats
  • Using AI to detect and prevent cyber attacks
  • Dealing with AI powered threats that challenge cyber security

He also talked about key recurring factors responsible for the greatest risks and underscored that most of AI use cases assessed were typically used for non-critical processes that don't demand high availability or strict integrity, and often relied on human oversight.

Enterprise risk management Gen AI applications

A Roundtable on Generative AI Applications in Security in Lotteries considered enterprise risk management of Generative AI applications.

Raj Hit, General Manager Enterprise Risk, Lotto New Zealand explained that Lotto NZ had opted to leverage and adapt existing ERM framework to accommodate AI (including Generative AI) risks, rather than completely re-design ERM frameworks.

He provided useful tips for this approach including: creating a specific ‘policy and/or standard’ which covers details for AI risks (which by nature are different from traditional risk types) under the overall ERM framework, and using AI tagging in the ERM system, for any risk in any part of the business, was helpful for future reporting and ease of reference.

Laurent Joppart, CISO, at the National Lottery, Belgium, highlighted four aspects for the approach towards and governance of AI including:

  • Setting up an AI board with members from all departments (marketing, legal, IT)
  • Defining use cases
  • Publishing security guidelines with consideration for aspects including: being aware of what you prompt, keeping the personal private, integrity and ethics
  • Using company approved AI tools.

Lottery case study – France

FDJ - La Française des Jeux speakers Bertrand Le Piolot Group CISO and Géraldine Dequeker, Cybersecurity Project Manager, provided a Case Study for Enhancing AI & Cybersecurity in a lottery context, noting how GenAI is being used by attackers to create phishing in 80% of cyber attacks as well as increasingly sophisticated deepfakes. Some ways to combat these challenges include:

  • Keep applying cyber security basics
  • Deploy automation
  • Use Gen AI to enhance capabilities

They also emphasized the need to develop a vision and strategic priorities for AI usage within the company which comprises a governance framework to guide AI usage.

Supplier insights

A supplier round table provided insights into the challenges faced in data breaches and how GenAI could help, for instance for software security, network and endpoint security, threat intelligence and penetration testing.

Topics covered comprised: Leveraging Advanced Security Tools to Integrate AI in Lottery Systems; Leveraging Gen AI to predict and prevent a data breach; Cybersecurity & software security aided by AI and AI for a better, safer gaming experience.  Expert panellists included: Dimitris Doganos Senior Cyber Security Manager, Intralot, Greece; Marc Castejon CISO, Carmanah Signs, a Division of STRATACACHE Signs Inc, France; Dragan Pleskonjic Senior Director Application Security, IGT, Serbia; Avi Cohen, Director of Data Analytics and Insight, Aristocrat Interactive, Israel.

About

Legal notice

Media inquiries

PLATINUM Contributors

Gold Contributors