by Andrew Cardno
Your tribal nation has direct jurisdiction over activities that take place within your tribal land. As arguably your tribal casino’s largest asset, your data needs to be carefully housed and protected from cyber criminals tampering with your data assets. By housing your data within tribal land, it provides the strongest protection against outside governmental interference. Consider the counter factual example of housing your tribal data outside tribal land – say with any state in the U.S. – the data is now governed by the laws of that jurisdiction. Furthermore, actions such as encryption of the data and other technical measures to ensure privacy protection do not change the jurisdiction that governs the data. If the data was encrypted, the foreign jurisdiction can follow a legal path to request access to the data under the search and investigation laws of that jurisdiction.
Now, given that your data is housed on tribal land, it needs to be protected from outside attacks. One key mechanism for doing this is to build a well-managed backup storage of all data that is necessary to operate your governmental and business operations. Furthermore, this environment needs to include data that may need to be housed outside of your tribal jurisdiction; for example, if a cloud service is used to operate your hotel system, then a copy of your hotel data should be housed within tribal land. This kind of data storage environment is called a sovereign data vault, and it provides additional benefits in that it allows for protection and recovery from cyber criminals who are actively targeting tribal casinos at an increasing rate.
By implementing a sovereign data vault at your tribal casino, in addition to your carefully implemented cybersecurity measures, your tribal property will not only have a greater chance of protecting its infrastructure and customer data from a cyber attack, a sovereign data vault backup will allow your casino to recover from ransomware attacks by providing a copy of your data to restore key systems.
The Sovereign Data Vault: A Preventative and Proactive Defense Mechanism
The sovereign data vault provides preventative and proactive defense mechanisms for your tribal casino. A data vault, separate from all your systems and located inside your casino firewall, will protect sensitive operational data, such as your customers’ personally identifiable information (PII), security protocols, and financial data. Adding a sovereign data vault to your line of defense can protect your sensitive data from unauthorized access or security breaches by providing a secure and centralized environment for managing and storing this valuable sensitive information.
In recent years, you have likely heard over and over again that ransomware attacks in your industry are “not a matter of if, but when.” The aspect of ‘when’ your tribal casino is breached by malicious cyber criminals is what the sovereign data vault will prepare your property for.
Importance of the Sovereign Data Vault
Consider the complexity and uncertainty tribal casinos have faced as the industry has become increasingly targeted by ransomware attackers. Firstly, a ransomware attack is incredibly disruptive to your business operations, often taking down the entire casino floor and imposing significant damage on your casino’s critical operating systems and data. Then, the business has to make a critical decision: do you pay the ransom to get your data and systems back?
Deciding to pay a cyber criminal’s ransom or not adds uncertainty to this complex reality of doing business in today’s world. Can you trust the cyber criminal to provide the decryption key to get your data back and bring your property’s systems back online? Does paying the ransom set a dangerous precedent that encourages future attacks at your property because cyber criminals will know that weaknesses exist in your infrastructure and that you are willing to pay?
The intelligence community generally regards giving into the demands of cyber criminals as a bad idea, as it can motivate the same and other malicious cyber actors to continue targeting your organization. Even if the ransom is paid, there is no guarantee that all of your data will be returned, or that it will be returned in a usable format because the cyber criminal might simply scramble all of your data before decrypting it, rendering it useless.
The sovereign data vault prevents the need to pay off ransomware hackers and the need to deal with the uncertain complexity of doing so because it provides a data backup in preparation for the very real scenario of a cyber attack. Second only to your core systems and the entirety of your data, the data vault is your tribal casino’s most valuable asset because it will allow you to restore systems from the backup by providing an accurate, up to date copy of your most critical operational data as it existed before the attack. The ability to quickly restore your casino’s most important information will be instrumental to minimizing the impact a ransomware attack has on your business operations and customers.
To ensure your sovereign data vault is secure and accurate at the time it is needed to recover from a cyber breach, the data should be regularly backed up, strong access controls should be in place to prevent unauthorized access, and the system should continuously monitor the system for changes made to the data, suspicious or unusual activity, and for security weaknesses and vulnerabilities. Furthermore, to ensure the sovereign data vault is readily able to quickly and effectively restore your business’s data in the event of a cyber-security breach, your casino should regularly conduct disaster recovery tests and security audits, in addition to regularly validating the backup data.
Implement the Sovereign Data Vault to Protect More Than Just Your Tribal Casino
Ransomware and cyber attacks can have harmful consequences for an organization in any industry, such as legal liabilities, reputational damage, financial loss, and can be damaging to the business’s customers. For the tribal gaming industry, however, it is even more critical to be preventative and proactive in your cybersecurity defense due to the incredible value the success of your casino operation has on its tribal nation and community. When it comes to the protection of your tribal casino’s most valuable asset, your data, the best practice is to be over-prepared in its cybersecurity defense, keeping in mind that it’s not just your business’s balance sheet that will be protected from these attacks, your most important stakeholders, your sovereign tribal nation’s community, will be
Andrew Cardno is Co-Founder and Chief Technology Officer of Quick Custom Intelligence (QCI). He can be reached by calling (858) 299-5715 or email [email protected].