As the world becomes more connected—with our mobile devices learning to link with everything from cameras to speakers to air conditioners—the complications surrounding cybersecurity and the increasing threats of a devastating hack are more prevalent than ever. Just last year, in fact, a casino found its high-roller database thrust into the cloud via the Internet of Things (IoT) through the connected thermometer in its lobby’s fish tank. John Roskoph, the vice president of cybersecurity and CISO for Tropicana Entertainment, shares that example when discussing the impact of IoT and wireless connectivity on the gaming industry. Tropicana owns and operates eight casinos and resorts, with locations in Atlantic City, Aruba, Indiana, Missouri, and more. While some major institutions have the resources to leverage advanced technology, Roskoph says regional casinos are still playing catch-up.
It was only somewhat recently that New Jersey’s Division of Gaming Enforcement approved a regulation that all gaming facilities in Atlantic City must have an information security officer. It was the passing of that regulation that set Atlantic City’s Resorts Casino Hotel in search of its own CISO—one that eventually drew Roskoph to Resorts Casino Hotel after his previous position as senior manager of information security at Comcast. After nearly two years there, he took on his current role at Tropicana.
Having built a career in security and technology, Roskoph saw an opportunity to help cultivate cybersecurity programs in an industry that was just beginning to realize the need for CISOs. He explains that, historically, casinos have been viewed as targets by hackers due to the fact that they’re “vendor-driven and vendor-dependent.” Casinos work with a variety of multimedia and entertainment companies. So, it can be difficult to keep up to date on what weaknesses could potentially provide an access point for hackers.
“There are components that get placed out on the casino floor or in the hotel that have Wi-Fi or IoT components. There have been times when the digital signs we install on the floor had built-in Wi-Fi components with default settings that we had to ensure were turned off prior to deployment,” Roskoph says.
Since stepping into the industry, Roskoph has implemented a number of fundamental security solutions, as well as risk assessment and education programs. Education, Roskoph notes, is especially important in the industry because many people on the casino floors are interacting one-on-one with vulnerable technology.
“The people working these gaming tables have been there for five, ten, fifteen years,” he says. “You never had to worry about technology on a blackjack table or a craps table, but now these areas are becoming more technology driven.”
Education also comes in the form of mandatory online training that includes phishing exercises and explorations of common scams. Roskoph says those trainings transcend the workplace. Many hacking efforts can be routed into the personal inboxes of employees, so “keeping them on their toes” is essential.
When it comes to educating the broader spectrum of the industry, Roskoph also notes several simple, quick fixes that smaller casinos can take to help prevent potential hackings. One is to move the perimeter down to the host level. “Don’t just focus on next-generation firewalls,” he says. “This way, you get more visibility on what’s going on at the user level. If a malicious link is clicked or malware gets into the environment, then it’s easier to stop these components from spreading.”
Routine patching of the infrastructure is also essential, as is getting software off of older operating systems. “There are several gaming applications that still rely on Windows 2003 and XP,” he says, adding that this makes apps more vulnerable. “It’s important to put more pressure on the vendors to upgrade.”
Roskoph’s work isn’t solely preventative, however. “When you’ve come from a company where the whole model is based on the internet, multimedia, and interactive technology, you can leverage what you have learned to use technology as a business enablement platform instead of just something to secure the organization,” he says.
Tropicana is now in the process of developing an inclusive, one-stop app that will allow users to manage their entire experience from hotels to activities to gaming. One further wrinkle that could have a major impact on the app’s design is the recent approval of sports betting, which Roskoph says will open the door to a number of interactive online components. “You no longer have to sit at a table for eight or nine hours to enjoy the gambling experience,” he says.
For Roskoph, that app is just one introduction to the vast amounts of possibilities in the gaming industry. “My take is that Tropicana could slowly evolve into a technology company that supports gaming and hotels, rather than a hospitality company that leverages technology,” he says.
Roskoph views that evolution as one that could eventually encompass the entire industry and, as such, he advocates for more community involvement among his colleagues. “What I’d really like to see is more information sharing, for us to get together more often, and go through brainstorming sessions because the gaming applications themselves and the technologies developed are really leveraged across the board,” Roskoph explains.
That, he believes, “could make us better as an industry.” It could also help crystallize the next evolution in the intersection of gaming and technology—one that could very well change the way we place our bets.
Photo: Courtesy of Tropicana Entertainment
PCM congratulates John on this highly merited recognition. His passion and innovation in IT security make him a tremendous asset to Tropicana Entertainment. PCM understands that working together has never been more important. We are proud to partner with John and Tropicana Entertainment, sharing a vision of innovative security solutions.