Protecting the odds
Jani Ravas, Director of IT and Technology at the Slovenian Sports Lottery, shares insights into data protection strategies at ISR’s conference on data security.
The Adriatic Team
Cyberattacks have become increasingly frequent lately, meaning companies must invest more in cybersecurity. According to the World Economic Forum (WEF), around 2,200 cyberattacks occur daily, with monthly damages estimated at $700 billion. Hacker methods are growing more sophisticated, and with the widespread adoption of artificial intelligence, attackers now have access to tools once thought unimaginable. Today, they can exploit technology that simulates the voice of a CEO or other executives. The most common targets of these attacks are financial gain and user data, which can later be used for extortion or sold on the dark web.
So far this year, the police have received around 1,600 attack reports, amounting to €25.5 million in damages – nearing last year’s total. Companies and organisations are becoming increasingly aware of the importance of data security. When the University of Maribor was attacked, one of the first questions raised was whether their data had been compromised and who had access to it, explains ethical hacker Milan Gabor. “We have two types of organisations: regulated ones, such as banks and insurance companies, which must ensure data security and have well-established systems for protecting data.”
Small and medium-sized enterprises, adds gabor, are also attractive targets due to their valuable data, but often have weaker protections. Gabor highlights the so-called rebound attack, where hackers target someone who collaborates with a large company or financial institution and has weaker security, thus gaining access to their data. This, in turn, provides hackers with easier access to the source code of large organisations.
Thorough reviews must be a constant
Gabor argues that vulnerabilities are compounded by the growing range of services developed by companies, which increase the likelihood of data theft. He emphasises that greater data accessibility also brings higher risks of attack, especially with the rapid development of new technologies. Therefore, it is crucial for companies to conduct regular, thorough reviews. Investment in infrastructure is key, and this is often driven by incidents. “When an attack happens and it hits the headlines, investment increases, but then it drops again until the next incident. That’s why companies must continuously invest in cybersecurity,” Gabor advises.
At the Slovenian Sports Lottery, which primarily organises sports betting, data is used for analysis, business optimisation, and strategic decision-making. Unstructured data is processed and transformed into valuable information, according to director of IT and technology, Jani Ravas. Contrary to popular belief, most data doesn’t come from football but from tennis, with up to 1.3 million data points per hour, he reveals. The risk with such data is that it could be breached, altered, and exploited for profit. As a result, the company handles data carefully and responsibly, ensuring secure processing, say Ravas. When it comes to personal data, player safety, privacy, and responsible usage are top priorities.
According to Ravas, users are increasingly aware of the importance of data security noting that younger people are less hesitant to share their data, while those over 30 tend to ask why certain information is needed. “Some users are extremely security-conscious, sending data in compressed files or passwords up to 15 characters long, showing that they really understand data security.” To protect this data, the Sports Lottery uses advanced security measures, including two-factor authentication, and collaborates with payment systems like Flik to ensure comprehensive protection. They encourage users to verify security codes, understand privacy policies, and be aware of their rights. The data is stored in various secure locations across the country.
New types of protection
Cybersecurity has become one of the key issues in the corporate world. “Passwords are the gateway to our digital identities and, consequently, a (trove of) vast amount of data. Microsoft and other major operators are moving increasingly toward digital credentials, which will allow us to verify our identity before accessing data,” Gabor explains, adding that the awareness process will be gradual. As users acquire new knowledge and digital skills, trust in institutions that hold our data – such as governments, banks, and healthcare organisations – will grow. This process will take time, and the government must take the lead. This will, in turn, increase overall security, according to Gabor.
While technology advances and threats evolve, the key question remains how users will assess the credibility of digital data and content. Gabor highlighted the dangerous discrepancy between the digital and real world and the often excessive trust in it. “Passwords lead to our digital identities and consequently to large amounts of data.” He added that the awareness process will unfold gradually and that the state must drive it forward.
Many companies are still seeking a balance between digitalisation and data security, but Športna Loterija represents an example of a successful approach to managing user data. “Our company receives very positive feedback, as players consistently express trust in our security policies and data management,” explained Jani Ravas, Director of IT and Technology. The company builds user trust on multiple pillars, from proactive security policies with regular security audits and certifications per international ISO 27001 and ISO 9001 standards to implementing advanced technological solutions such as data encryption and two-factor authentication.
