The latest alert from the Nevada Gaming Control Board (NGCB) is dedicated to promoting cybersecurity awareness.
The NGCB recently issued a crucial Cybersecurity Awareness Alert, highlighting the pressing need for heightened vigilance against a backdrop of growing cyber threats.
Alert Notice #2026-21 amplifies a broader cybersecurity warning from Adam Miller, Deputy Director of the Governor’s Technology Office, to all gaming licensees and associated parties. This timely communication underscores the alarming rise in cybersecurity incidents stretching beyond gaming and affecting various critical industries across Nevada.
Nevada's state computer systems were hit by a major ransomware attack last year, while another affected Boyd Gaming in the fall.
This announcement also comes in the wake of the cybersecurity summit held by tribal casinos and a conference that attempted to tackle some of the same cybersecurity concerns.
The Expanding Cyber Threat Landscape
The alert specifically draws attention to two predominant threats:
- Phishing: Cybercriminals use deceptive emails, texts, or links to dupe individuals into revealing sensitive information, such as login details or financial data.
- Vishing (voice phishing): This involves attackers posing as trusted entities over phone calls or voicemails to manipulate victims into compromising their security, such as providing access information or authorizing fund transfers.
These social engineering tactics exploit urgent scenarios, impersonation, and misplaced trust to bypass standard security controls.
Consequently, the NGCB emphasizes increased vigilance toward requests involving account access, wire transfers, and sensitive records, underscoring the importance of verifying actions through a second independent channel.
Immediate Actions for Improved Cybersecurity Awareness
The NGCB recommends several immediate actions for gaming enterprises to bolster their cybersecurity defenses:
- Reassess Verification Protocols: Ensure procedures for confirming unusual or high-risk requests are airtight.
- Rely on Trusted Contact Information: Avoid responding to suspicious messages through callbacks or embedded links; instead, use verified contact information.
- Double-Verification Channels: Always confirm requests through an independent channel.
- Reinforce Control Compliance: Stress that urgency should never lead to bypassing established controls.
- Strengthen Multi-Factor Authentication (MFA): Enhance security through additional authentication layers.
- Prompt Reporting of Suspicious Activity: Encourage immediate reporting of any suspicious emails, calls, texts, or irregular login attempts.
The notice urges operators not to take shortcuts in authentication or verification processes.
Practical Reminders for Staff
In line with these recommendations, practical advice for staff includes:
- Exercise Caution: Be wary of unexpected messages or attachments, and verify before clicking or opening them.
- Evaluate Calls Carefully: Be cautious of callers who demand immediate actions, secrecy, or bypassing standard procedures.
- Protect Personal Information: Never disclose passwords, MFA codes, or recovery information via email, text, or phone.
The alert also reminds operators that all staff are encouraged to heighten cyber awareness and remain vigilant in daily operations.
A Preemptive Response to High-Profile Cyber Incidents
This cybersecurity alert comes on the heels of the cyberattack on Wynn Resorts last month, where the notorious hacking group ShinyHunters claimed to have stolen over 800,000 employee records. While Wynn Resorts confirmed unauthorized data access, the company stated that the data was subsequently deleted without impacting guest operations. However, the incident sparked class-action lawsuits challenging the adequacy of the security measures in place.
The NGCB's alert seems to serve as a proactive measure in response to this incident and similar attacks on major Las Vegas operators like MGM and Caesars. Under Nevada's gaming regulations, prompt incident reporting to the Board is mandatory, reflecting the state's heightened concern over cybersecurity in critical sectors.
Prioritizing Cybersecurity Awareness in the Gaming Industry
In light of these developing threats, casinos are urged to prioritize cybersecurity awareness, training, and protocol enhancement to safeguard against these challenges. By staying informed and vigilant, the gaming industry can navigate the complexities of the cyber threat landscape, ensuring Nevada remains a safe and secure hub for gaming and entertainment.
As cyberattacks become more sophisticated and prevalent, protecting sensitive information and maintaining operational integrity must remain at the forefront of the gaming industry's agenda. By embracing recommended actions and fostering a culture of security awareness, Nevada's gaming sector can effectively counter these emerging threats.
