TechCrunch Disrupt: Cyber Security Warnings Should Resonate with Online Poker Sites

Google's Heather Adkins' 15 years of experience has a lot to teach the young poker software industry about online safety. 

The Internet has allowed us to work, play and bank in ways that just a few decades ago would've been too crazy for a sci-fi pulp. However, it has also made security threats harder for the average user to even understand.

Being hacked is one of those things that we like to believe "it only happens to other people", but as the recent Equifax attack suggests, that type of attitude can be very costly, for companies and individuals. 

During her TechCrunch Disrupt panel, Google’s Information Security Manager Heather Adkins told website owners that they need to accept that they are targets, in her own words: 

“At some point in the history of your company, you’re probably going to get hacked. The question is not whether or not you’re going to get hacked, but are you ready?”

You might have the strongest defenses ever engineered for the private sector, but if the right hacker wants to get through your defenses, they will eventually succeed. Adkins and Google know this from personal experience. 

In 2009, Google and other companies were attacked by Chinese hackers through an elaborated hack the level of which experts had never seen outside of the military, the attack was known as Operation Aurora.

What Can The Online Poker Industry Do To Protect Its Users? 

It's not just poker rooms that are targeted by attacks, relatively small third-party software outfits that never handle player money are just as vulnerable. 

What makes even the smallest outfits vulnerable is that they rely on open source software. Hackers can use open source code to find vulnerabilities that programmers don't know about (AKA 0-day vulnerabilities). 

This vulnerability could be used to hide malware in an official installation client, or mine a wide variety of data from their users. 

That's not to say that open source is unacceptable or that users shouldn't trust it. That would mean not trusting almost anything installed on your computer. However, it does mean that the online poker industry has a responsibility to look for and patch these vulnerabilities at all times. 

After all, this software is free, and "the price of freedom is constant vigilance", as they say. Or as Heather Adkins herself summarized on her Techcrunch Disrupt panel: 

“Even if you’re just two people in a garage, one of you need to be in charge of security, whether it’s part-time as an IT person or as a lead software developer... put a little bit of money on talent and have them do nothing but patching.”