Wipfli logo
Insights - Articles, Blogs and on-demand webcasts

Articles & E-Books


3 ways tribal organizations can shore up their cybersecurity

Oct 06, 2023

Cyberattacks are surging, and it's no longer a question of if but when they will occur at your organization. Tribal enterprises are especially at risk because their casino businesses and significant cash on hand makes them a prime target for cybercriminals.

The recent attacks on Las Vegas casino operators and hotels laid bare the vulnerability of casino operators and hotels to the potential for severe financial losses and business disruption. The average data breach globally in 2023 cost organizations $4.45 million, a 15% increase over three years, according to IBM’s 2023 data breach report.

By taking proactive measures to protect themselves against cyberattacks, tribal organizations can prevent devastating consequences and keep their systems and data secure. Monitoring and updating your cybersecurity protocols is an ongoing effort as criminals are working to thwart security measures as swiftly as organizations are implementing them.

Focusing on these three key areas will help provide a strong foundation for protecting your data and your systems:

1. Moving data to a secure cloud system

  • Replace older, on-premises-based hardware infrastructure to reduce the risk of a successful cyberattack. A cloud-based system offers much greater control over data access and management and can provide alerts to suspicious activity. But, be sure to configure and take advantage of the security features.
  • Provide your users with approved cloud storage so people don’t use personal, less-protected storage. Cloud-hosted data is accessible anywhere, allowing your employees to access data securely wherever they are.
  • Use a cloud-based email system: Legacy, on-premises email systems require maintenance and security patching — something many organizations struggle to do. If you’re still using an on-premises email system that you need to maintain, it’s time to move to a cloud-based, enterprise email system like Microsoft 365. The cloud provider takes care of the platform and handles security patching, so you don’t have to.

While tribes may feel hesitant to undertake a major shift to cloud services, the security advantages over onsite IT hardware are significant. Those risks include theft, fire and floods, among others.

Cloud-based infrastructure solutions offer significant benefits over traditional on-premises infrastructure, including reduced capital investments, less headaches while managing and securing physical data centers, and increased redundancy and scalability to help your systems reliably stay online. 

2. Testing for security gaps

Regularly scheduled cybersecurity testing is critical, yet basic testing isn’t enough. Some tribes rely on the National Indian Gaming Commission annual vulnerability assessment. This calls out some security gaps, however, consider this an entry-level cyber test.

  • Invest in advanced penetration testing to validate that your systems and network are configured to resist attack from a dedicated adversary. Additionally, you can use adversary emulation techniques to validate whether your security monitoring and detective controls are able to alert you to malicious activity, giving you time to react before anything bad can happen.
  • Start by benchmarking your cybersecurity controls to trusted definitive baselines like the NIST Cybersecurity Framework. Independent, third-party testing can ensure a more reliable and complete approach to testing your cybersecurity controls.
  • Implement regular vulnerability management to help identify and remediate new software vulnerabilities in a timelier manner.

3.Separating your cybersecurity and IT functions

As tribal organizations have grown from small casinos to mega resorts and multipart entities, their sprawling IT landscapes are facing ever-evolving security challenges. In today’s environment, outside managed services are needed to protect critical data. As specialized firms, they are aware of the latest threats and monitor systems 24/7 to prevent intrusions. 

  • An internal IT department at a casino is simply not equipped to manage high-level threat assessment and mitigation.
  • An internal IT team may have goals and priorities that conflict (or do not align) with security decision-making and practices.
  • An outsourced security operation validates that security controls are functioning. Specifically, they review the overall system to make sure any deviations are identified in a timely manner and promptly addressed.
  • Managed service agreements may include managed detection and response (MDR) services, which are likely to be required by cyber insurance providers to qualify for cyber coverage.

How Wipfli can help

Whether a tribe is considering cloud-migration projects or cybersecurity testing, Wipfli is a one-stop shop to help your organization meet its technology needs as securely and efficiently as possible.

Wipfli’s team can work with your budget to provide security evaluations, upgrades and other critical functions, including training your staff to be more security conscious so that together we can build a stronger human firewall. 

Contact us today to learn more about how we can help empower your tribal organization to face today’s daunting cybersecurity challenges. 

Sign up to receive additional content in your inbox or continue reading:


Chris Janke
Senior Manager, Technology
View Profile