Gamblers and dealers beware; whether in Vegas or Monte Carlo, it’s not strictly your wallet that’s at risk of running on empty.

What do gamblers, casinos, and the FBI have in common? If your answer is money, then try again. The digital age has arrived at brick-and-mortar casinos around the world, bringing with it its own flavor, including malice of a different kind than traditional card counters or chip dumping.

It’s true that casinos are highly regulated and well-protected against fraud of many kinds (often resembling or surpassing the security at hospitals and airports), but these days, it’s cybercriminals who have their eyes set on the grand prize. Casinos bank more than just their guests’ stakes. It’s the sensitive data they keep, such as financial records, personal details, and more, that make up the jackpot nowadays.

With ESET World 2025 taking place in the city of “lost wages” from March 24, 2025, perhaps it’s a good opportunity to raise cyber awareness in an area that might not be so obvious, as, increasingly, it is the data of the city’s guests, rather than the vaults, feed tables, and slot machines, that criminals are interested in.

The city of Las Vegas has many nicknames. Also known as the “gambling capital of the world,” the city is known for its lustrous casinos, luxurious hotels, and, of course, games. Within every casino, virtually hundreds of thousands of US dollars get exchanged daily. In 2023, this accounted for a collective $66.5 billion in casino revenue.

Not even George Clooney’s Ocean’s Eleven character, Danny Ocean, would scoff at such an amount, but even he would be shocked at the idea that there is more to a casino than the contents of its vaults.

Beyond the billions is the valuable data of a casino’s clientele, from people searching for lodging to event organizers, or regular, everyday casino-goers. From an even broader perspective, data on business partners (supply chains that provide the machines and security systems), employees, and even the top managers themselves, would be of great interest.

Why is all of this so interesting to threat actors? Let’s start with the sensitive data, like personal information. Anyone who’s ever checked in at a hotel knows the sort of details they have to provide to be given their rooms, such as:

1. Some form of an ID (state IDs, drivers’ licenses, passports, etc.)
2. Their name, address, preferences, email
3. Payment details

On top of that could be other specifics, such as further personal data (companions, dietary restrictions, accessibility requirements) or more. This much granular data can be very valuable on the black market, with stolen personal data from documents such as IDs or passports costing from hundreds to thousands of dollars per document.

Thus, threat actors roll the dice. In 2023, it came to light that the prominent casino chain MGM Resorts was targeted by a cyberattack, with hackers exfiltrating data such as names, contact information, gender, date of birth, IDs, and even Social Security numbers. The attack reportedly cost the chain around $100 million … certainly not chump change.

So, who’s responsible for the cybersecurity of the casino’s guests? From one point of view, it is the establishment itself, since, as it is providing a service, it needs to cover any liabilities. This is supported by regulations and guidelines recommending tight security, especially for sensitive data. Just off the top, PCI DSS would cover payment data, while the NIST Cybersecurity Framework would help a casino/hotel of any size to enact appropriate cyber measures.

For casinos in Las Vegas, the Nevada Gaming Commission (NGC) has a clear set of cybersecurity regulations for gaming operators to follow.

Perhaps this also places a bit too much of a burden on these places of entertainment. And, while guests don’t want such thoughts on their minds while hitting the jackpot, the reality is that personal awareness plays a big role when all the chips are down. Otherwise, man-in-the-middle attacks, in which cybercriminals create functional, but fake, Wi-Fi access points (aka “evil twin” networks), can gather sensitive data from victims’ devices.

Don’t bet the farm!

There are threats aplenty in the world of casinos. Scams with fake ads copying a well-known casino’s brand can present promising online gambling opportunities with great welcome bonuses. In fact, some of these scams use unauthorized photos of employees and properties to appear legitimate. What’s more, by pretending to be casino staff, bad actors could try to social engineer their way toward sensitive data, or even gain access to a casino’s systems.

What both casino operators and guests have in common is an understanding that stacking the deck in their favor is important. To double down on their security, they should consider:

• Prevention-first security: Simple antiviruses aren’t enough to protect the myriad devices casinos, hotels, or their guests have. Also, as various IoT vulnerabilities and supply-chain breaches enter the mix, these businesses and consumers must be on a proactive lookout. Businesses should consider investing in a platform such as ESET PROTECT Elite, which can provide all-encompassing protection with vulnerability management and advanced threat defense.
• Active threat hunting: For those casinos that lack the right IT staff, it would be wise to invest in a managed security service, such as ESET PROTECT MDR Ultimate, which, on top of product security, also adds highly tailored 24/7 protection with experts acting as your wild card against would-be malice, ensuring business continuity.
• Security audits: This is especially useful for protecting against supply-chain threats. A security audit could highlight weaknesses in casino systems, enabling the defenders to patch them up on time.
• Zero-trust: Access management methods such as zero-trust can ensure proper controls to mitigate the chances of unverified access. For employees, having a solution capable of Secure Authentication is one way to achieve this.
• Integrate: Casinos with existing security solutions should consider diversifying their existing security stacks with additional solutions such as Threat Intelligence. Consider that the more details that are available to an operation, the better and faster their decisions could be, saving a business millions in minutes.
• Mobile Security: Visitors to Vegas are very likely to be on the move. Hopping on and off various networks, trying out new apps, and signing up to promotions for discounts all get safer with a security solution like ESET Mobile Security, which offers protection from viruses, ransomware, and other malware. Prevention First helps you stay safe, evade phishing scams, shop safely, browse, and download files.

Incidentally, advice like this will be discussed at ESET World 2025, at the Aria Resort & Casino in Las Vegas, where experts from all around the globe, from businesses, to analysts, to government actors, will present a path to achieving a secure future. Vegas will be the place to see where progress is protected, and to connect with CISOs, renowned threat hunters, and cybersecurity experts advising CISA, NATO, and Interpol.

There’s no reason not to implement powerful security measures to deter malicious actors from swooping in on one’s turf. This means that casinos, resorts, hotels, and even their guests, should realize that it’s not just everyone’s money they’re after – there are far more compelling reasons to be targeted.

Bratislava – February 4, 2025 —ESET, a global leader in cybersecurity, today announces its new chief corporate solutions officer (CCSO), Martin Talian, whose mandate is to drive growth in delivering bespoke ESET solutions and customer success.

Mr. Talian moves from his position as VP of corporate solutions at ESET, bringing 18 years of leadership experience across diverse industry verticals to his new role. With an enduring focus on delivering value to large organizations and leadership roles with utilities, large infrastructure companies, telecommunications, digitalization, banking, and now cybersecurity, Mr. Talian is well-positioned to accelerate growth in the ESET Corporate Solutions Division.

With globally relevant expertise and demonstrable project completion, Martin Talian is set to draw from the expansive ESET portfolio of technologies, products, and services. Utilizing his rich experiences, he is poised both to create and to deliver new custom security offerings.

“Martin has been a key engine for both success and growth in the Corporate Solutions Division at ESET since its launch in 2022. He brings a passion to closing deals and delivering value to high-touch customers, and his aptitude aligns with our need both to showcase our talents and to scale our offerings. I look forward to the continued success and the fresh perspective our new C-Level manager will bring to ESET,” said Richard Marko, chief executive officer at ESET.
With large deals closing in connection with ESET NetProtect in both the EU and the Asia Pacific region, Talian’s leadership has already been recognized. These successes reflect his achievements in building and managing Solution Delivery teams, his oversight of critical sales team maturation and management processes, and his command of both the go-to-market strategy and accounts management protocols needed to succeed globally, including in North America, Latin America the Middle East and Africa.

“I am grateful for the opportunity to lead this unique team, one that I had a direct hand in building, and one which can support the wider organization in its bid to raise the prominence of ESET globally,” said Talian.

Martin Talian joins ESET’s other C-Level business leaders: CEO Richard Marko, CBO Pavol Balaj, CMO Mária Trnková, and CSO Miroslav Mikuš.