Evolving Lottery, Evolving Risk

Gus Fritschie Read Time

Lottery operations have changed in many ways since the last in-person NASPL Conference in 2019. At the same time, the cybersecurity landscape also saw an increase in complexity and volume. Cybercrime services are now for sale, making it easier than ever for amateur threat actors to enter the industry.
One of the most pressing cybersecurity threats facing the lottery industry today is Ransomware-as-a-Service. Cybercriminals can now purchase everything they need to execute a successful ransomware attack for less than $100. Considering the average ransom demand climbed to over $200,000 in 2021, you can see why it is an attractive investment.
Circular chart illustrating the average prices of Cybercrime Services for sale
Not only that, the ever-expanding “Internet of Things” means that there are more and more connected devices creating vulnerabilities in your network. From larger attack footprints due to a distributed workforce to cashless technologies, iLottery, and the increased number of vulnerabilities and potential risks in the supply chain, there has never been a more critical or more opportune time to think about security in the lottery sector.

Three key challenges lotteries are facing are:

Remote workforce & staffing

Acceleration of new technology

Business continuity

Remote Workforce and Staffing

Covid has shown that it is difficult to staff the correct personnel with security and gaming experience. Many lotteries have transitioned to a remote workforce which, while beneficial in certain aspects, causes concerns in others.

Many corporations used to be able to manage IT in-house when their whole staff was in-house, but as the complexity and sophistication of cyberattacks increase, that’s quickly becoming a thing of the past. Organizations having to quickly adjust to support a work-from-home environment created a feeding frenzy for bad actors.

As the attack footprint grows with a distributed workforce, it is crucial to have the correct security controls and perform the right level of security testing.

Endpoints BLOG SMB

Acceleration of New Technology

Lotteries have proven resilient and adaptable, but new technology leads to new risks. The cloud is here to stay and Multi-State Lottery Association (MUSL) has specific guidelines on how to secure and control the cloud. In the future, we will see traditional on-premises systems such as RNGs and ICS in the cloud.

In the meantime, modern cyber threats require lotteries to leverage modern technologies and tools to properly defend against cyberattacks. To avoid loss of reputation and revenue, lotteries must identify and assess new risks and proactively address any weaknesses exposed by digital growth by staying up to date with technology.


Business Continuity

Testing business continuity is important, from recovery from a ransomware attack to testing lockdown procedures. While investment in testing may have once been questioned, today’s growing security threats and the impact they can have mean that these activities will pay dividends in the event of an incident.

Ultimately, the future is here, and the industry is moving beyond traditional lottery games to iLottery, cashless, in-lane and more. While there is always risk, with the right level of security and verification, these technologies can be employed securely.

To learn more about the ever-evolving lottery landscape and why security is the key to future lottery success, check out a similar blog post here.

Lottery Online


CTA Lottery image


The lottery industry has experienced significant growth in its reliance on technology to power lottery operations—and with that growth comes an equally significant escalation in risk. Bulletproof helps companies modernize their lottery systems and introduce new gaming sources of revenue while simultaneously reducing threats and security risks.


Why Bulletproof?


  • Winner of the 2021 Partner of the Year Security Award by Microsoft [Global].
  • 5X Microsoft Canada IMPACT Award Winner.
  • Decades of security and compliance knowledge working with top lottery and gaming organizations.
  • Committed to building deep working relationships with customers. We will become an integral part of your team, and we take your security personally. 
  • Trusted by users on six continents to protect their data, devices, and people.
  • State-of-the-art 24/7 Security Operations Centre (SOC).
  • Penetrated more than 220 casinos and lotteries with a 90%+ success rate.
  • Performed 100s of risk assessments for gaming clients.
  • Our security professionals hold industry-recognized certifications, including ISO/IEC 27001, WLA-SCS, CISSP, CISA, CEH, CPT, OSCP, and PCI-QSA.

Bulletproof Microsoft Gold Partner

“It is without a doubt that the Wyoming Lottery start-up was successful due in part to the incredible knowledge, foresight and intellect that resides at Bulletproof. The Bulletproof team, together with its vast lottery knowledge, from the development of SOW’s, test scripts, to mathematical probabilities, have provided the state and management at the Wyoming Lottery Corporation with sound processes and standards that will enable growth well into its future.”

-Jon Clontz, Chief Executive Officer, Wyoming Lottery

Call Us