The regulated lottery and sports betting industry provides entertaining gaming and betting products and services to millions of customers in a rapidly growing global market. Its success relies on public trust.
WLA members take many steps to ensure safe, secure environments for all customers and across their operations. This includes certification to WLA standards.
Over two decades ago, the WLA Security Risk Management Committee (SRMC), developed the first Security Control Standard (current iteration WLA SCS:2020), and manages its ongoing improvements.
We caught up with Anton Stiglic, General Manager of IT, Loto-Québec, Canada, Chair of the WLA SRMC Technical Working Group, and Fabien Marechal, Chief Information and Security Officer, Groupe Française des Jeux, France, member of the Technical Working Group, to find out more about the new WLA SCS:2024, which will be published later in October.
In general, what security challenges have WLA members faced over the past four years, since WLA SCS 2020 was published?
In recent years, a number of reasons have contributed to the new security challenges our industry faces.
For instance, a growing number of lotteries have adopted so-called managed, or cloud solutions for different components of their gaming systems, such as software as a service, or full gaming platform as a service. More than ever, they must manage security with respect to third party suppliers, in order to ensure the integrity of their entire gaming operations.
Online lottery products, sports, and e-sports betting have become more common, as lottery operators adapt and deliver the desired customer preferences that have evolved since the pandemic.
In contrast, security threats have not ceased, they continue to grow with greater sophistication. Artificial intelligence (AI) is improving organization performance, but it also aids hackers in mounting progressively more effective cyberattacks. For example, Generative AI is growing rapidly, thereby introducing further risk of more realistic phishing attacks.
Data sprawling across information systems, in other words, where shadow data appears, has led to a boom in data hoarding and the risk of frequent data leaks.
Additionally, regulations continue to strengthen requirements for hosting data, approving changes, providing notification of security incidents, personal information security and more.
What can users of the standard expect from WLA SCS:2024?
The WLA Security Control Standard 2020 introduced new concepts – notably the S Section for gaming system supplier and operator controls, and a section for cloud security controls. Over the past four years, these controls have proved challenging for members, raising many questions and requiring diverse action plans.
Bearing this in mind, and given the above mentioned security challenges faced by members, WLA SCS:2024 will provide clearer guidance on how to deal with the security of suppliers, and managed services, be it in hosted data centers, or in the cloud.
We have also reorganized some controls, to simplify the standard. For example, some controls have been moved to the general section, since they are applicable to all game offerings. Other general security controls that are already detailed in ISO/IEC 27001, Information security, cybersecurity and privacy protection – Information security management systems – Requirements, have also been simplified.
Importantly, a section has been created for Random Number Generators, since they are at the heart of all lottery game operations.
We have also added comprehensive M controls, which apply to any lottery participating in games administered by the Multi-State Lottery Association (MUSL).
Looking ahead, what technologies will impact the ongoing development of the standard?
Today, technology is ubiquitous, and it has an ongoing impact on our IT systems. We will continue to follow developments in artificial intelligence, blockchain, and distributed computing, as well as cloud solutions, and quantum computers.
If required, we will develop new sections in future iterations of the WLA security control standard to cover these technologies and to aid our members in managing them within their daily operations.
On this point, the annual December WLA/European Lotteries Security and Operational Risks Seminar 2024 will cover the theme of New Threats and Opportunities: Evolving AI and Security Risks.
AI technologies are at the forefront of modern security strategies. They bring unprecedented opportunities and unsurprisingly, new risks. As these technologies evolve, their application in security will be increasingly critical for global organizations, including the legal lotteries and sports betting operators.
The seminar will examine these aspects, and provide attendees with a comprehensive overview of how to leverage AI technologies to improve protection, and better manage risks.
About
Media inquiries
Legal notice
This pop-up contains legal information about this website.
This content is the property of the World Lottery Association (WLA). It may not be transferred
from the custody or control of the WLA except as authorized in writing by an officer of the WLA.
Neither this document, nor the information it contains, may be used, transferred, reproduced,
published, or disclosed, in whole or in part, either directly or indirectly, except as expressly
authorized by an officer of the WLA, pursuant to written agreement.
The WLA Website has been designed to provide information to the lottery community. The World Lottery Association has used great efforts to provide accurate and up-to-date information. However, WLA excludes any warranty, whether express or implied, for any information provided under these pages. WLA cannot be held responsible for any action taken that is based on the information hereunder.
The WLA Website also contains third party information. Such information is, wherever practically possible, marked with the name of the source and does not necessarily represent the opinion of the World Lottery Association. WLA does not take any responsibility whatsoever for such third party information.
The WLA Website also contains links to other Internet sites. WLA does not have any knowledge of the information contained in such other sites, nor has WLA been able to include such other sites in its efforts to provide accurate information. WLA therefore does not take any responsibility whatsoever for such third party information.
All rights reserved except where indicated.