Gateway Casinos ransomware attack indicates an increased need for cybercrime training
Gateway Casinos has gone through a lengthy period of closure of its 14 properties in Ontario, the consequence of a cyberattack that targeted the organization’s IT system – and it may be indicative of an increased need for cybersecurity training throughout the country.
Gateway Casinos London, among the 14 Gateway-owned casinos in Ontario, has been shut since mid-April due to a cyberattack on their IT apparatus. Locations were abruptly closed on Sunday, Apr. 16, at 2 p.m. EDT due to a malfunctioning IT system.
Gateway representatives verified that a malicious cybercriminal organization was responsible for the cyberattack, which resulted in a ransomware attack on the corporation’s network systems, causing severe disruptions.
|How to reduce the risks of email attacks
|Analytics create databases just waiting to be hacked
|Why website trackers are dangerous for Canadians
Ransomware is a type of malware that secures all files on a system behind a password, denying access to the user until a fee is paid. Of course, when dealing with criminals, there’s no guarantee that your files will be accessible even after paying the ransom.
Despite the recommendations of various world governments and agencies to refrain from paying ransom, many businesses choose to pay in order to expedite the restoration of their IT systems and continue operations.
Rob Mitchell, Communications and Public Affairs Director from Gateway, told The London Free Press on Monday that “… we are testing IT systems and are now working to safely reopen our Ontario operations.” Though the timeline is dependent on testing, later this week seems likely.
Gateway, much like many other corporate entities affected by ransomware, will not disclose whether they paid a ransom.
The assault on its IT infrastructure appears as the Canadian gambling sector is regaining strength following the pandemic. Amidst waning in-person turnout, the provincial government introduced legal online casinos in Ontario to great effect, with around $1.4 billion in gaming revenue in the first year alone, according to the regulatory authority iGaming Ontario.
The Canadian Internet Registration Authority (CIRA) runs a survey amongst businesses and cybersecurity experts each year, in which they seem to conclude that Canada isn’t ready for new cyber threats. The 2022 survey showed that 22 per cent of organizations had been victims of a successful ransomware attack in the previous 12 months.
Perhaps most concerningly, 96 per cent of IT professionals in the survey indicated their organization undertakes minimum cybersecurity training annually. The survey also raises a valid query – is this training designed to protect user data and organizations from criminal activity or merely from legal culpability in the event of a breach?
Furthermore, phishing is still the most common entry point for ransomware attacks. Phishing is one of the oldest and simplest forms of internet scam. The term phishing has been reliably tracked to 1995 and possibly earlier.
A phishing scam causes a victim to reveal sensitive information, such as passwords or security answers, or to install software on the system – ransomware being a common favourite. Spam emails designed to look like they come from reliable sources such as co-workers are familiar to many of us and pose a serious threat to security for organizations and individuals.
While phishing has become more complex over the years, the computer literate often find the scam simpler to avoid. Experts advise several simple steps, such as double checking the email address the email is coming from, up to and including contacting the individual by alternate means to check that the email is legitimate.
How effective can cybersecurity training be if this extremely basic vulnerability is still being reliably exploited?
2022 was widely considered a critical year for cybersecurity, and although Canada has not taken sufficient steps yet, we are by no means over the hill.
Digital literacy is now a cornerstone skill in Canada, and the importance of dedicated funding only increased exponentially during the pandemic. With cybercrime on the rise, it may be time to fully invest in Canada’s digital future, starting with safety, security and skills for all.
Archie Williamson is a former research analyst for London-based 6point6.
The opinions expressed by our columnists and contributors are theirs alone and do not inherently or expressly reflect the views of our publication.
© Troy Media
Troy Media is an editorial content provider to media outlets and its own hosted community news outlets across Canada.