On May 2, 2024, the Secretariat of Prizes and Bets (SPA) and the Ministry of Finance (MF) issued Ordinance No. 722 (link here in Portuguese). This set of regulations outlines the essential technical and security criteria that iGaming and online sports betting operators must adhere to within six months of obtaining their gaming licenses.
In a series of blogs over the coming months, Luana Monje, Sales Executive at Continent 8 Technologies, will examine the various requirements for regulated iGaming in Brazil. First up, she examines the penetration testing requirement, along with other cybersecurity considerations, in more detail.
Implementing comprehensive penetration testing to address potential weaknesses
Ordinance 722, Annex IV, section 41 – Penetration testing: The purpose of penetration testing is to exploit any weaknesses discovered during the vulnerability assessment in any publicly exposed applications or systems that host applications that process, transmit and/or store sensitive information.
Executing thorough penetration testing is a testament to an organisation’s dedication to safeguarding user data. Ordinance 722 defines penetration testing as systematically challenging the strength of network and application layers so that operators and suppliers can identify and rectify vulnerabilities.
The Continent 8 solution
Our Vulnerability Assessment and Penetration Testing (VAPT) services provide comprehensive security assessments for a customer’s infrastructure and applications. The VAPT solution enables organisations to achieve regulatory compliance and understand their attack surface area, providing a strong foundation for strengthening security posture.
Key benefits include:
- Providing compliance with regulations and security standard
- Advise on hardening infrastructure and applications against threats
- Providing assurance to customers, partners and stakeholders
- Focusing security investments on maximising risk reduction
VAPT use case: Read how Continent 8 Technologies supports ODDSworks with cybersecurity audit and vulnerability assessment penetration test services. |
A 360-degree cybersecurity approach
Ordinance 722 offers a set of ground rules from which iGaming and online sports betting operators and suppliers should start. Beyond the suggested checklist, operators and suppliers should also consider a holistic approach that ensures end-to-end protection against any security and cyber threat. A 360-degree defense strategy includes:
- Endpoint Detection and Response (EDR) services to protect against advanced malware, ransomware and phishing threats.
- Distributed Denial-of-Service (DDoS) services to deliver comprehensive perimeter network mitigation against DDoS attacks.
- Managed Security Operations Center (MSOC) and Security Incident and Event Management (SIEM) services to prevent, detect or remediate vulnerabilities and threats.
- Mobile Protect services to safeguard mobile endpoints against modern security threats.
- SafeBait services to provide customised simulations to combat social engineering threats, including sophisticated MFA, phishing, smishing, vishing and quishing attacks.
By referencing the SPA and MF’s Ordinance 722 policies and partnering with an experienced and trusted solutions provider like Continent 8, operators and suppliers can deploy multi-defense, multi-layer security protection strategies for their iGaming and online sports betting platform. This approach enables them to comply with Brazil’s latest technical and security regulations while demonstrating their commitment to providing secure and trustworthy gaming environments and experiences.
Continent 8 Technologies – your trusted partner
Continent 8 Technologies, the trusted managed hosting, connectivity, cloud and cybersecurity partner to the global iGaming and online sports betting industry for over 25 years, is live in every major regulated Latin American (LATAM) jurisdiction, including Brazil.
Operating out of the LATAM region since 2020, we offer operators and suppliers access to state-of-the-art data centers, connectivity to a global private network featuring 100+ locations across four continents and best-in-class managed and professional services to support the most demanding iGaming and online sports betting requirements.
Discover why Continent 8 is the go-to infrastructure and cybersecurity provider for leading LATAM operators and suppliers such as Betcris, Boldt, Bplay and Vibra Gaming, and learn how we ensure the seamless implementation of compliant and secure infrastructures so that your Brazilian gaming operations are live from day one.
For more information on how Continent 8 can support your organisation’s regulatory and cybersecurity requirements, contact Luana at luana.monje@continent8.com.
