Bet on Ceuta is placing cybersecurity front and centre at its upcoming international edition in the autonomous city of Ceuta, bringing in one of Spain's most senior law enforcement cyber specialists to address the threats facing the online gaming sector.
Coronel Jorge Juan Pérez Rodríguez, head of the Cibercomandancia – the specialised cyber unit of the Guardia Civil – will deliver a presentation on cybercrime in online gaming. Ahead of the event, he granted an interview to El Pueblo de Ceuta outlining the threat landscape operators must navigate.
Online Gaming: A High-Value Target
Pérez Rodríguez identifies the online gaming sector as particularly exposed due to the high volume of personal data and financial transactions it processes. Identity fraud ranks among the most frequent threats, particularly in relation to how players declare and manage winnings on gaming platforms. But the risks extend well beyond that: fake gambling platforms, money laundering schemes, credential theft, and payment manipulation all feature in the Cibercomandancia's threat assessment. Targeted attacks on sensitive systems and data carry significant economic and reputational consequences for affected operators.
The Human Factor Remains the Weakest Link
Despite advances in defensive technology, the Colonel is unambiguous about where the greatest vulnerability lies.
“Criminals exploit, fundamentally, the vulnerabilities of people.”
— Coronel Jorge Juan Pérez Rodríguez, Head of the Cibercomandancia, Guardia Civil
That message is reinforced by a second observation about attack vectors:
“In the vast majority of cases, the main attack vector is not technological, but human.”
— Coronel Jorge Juan Pérez Rodríguez, Head of the Cibercomandancia, Guardia Civil
The Cibercomandancia identifies two primary risk areas within this human dimension: psychological weaknesses – such as the pursuit of quick gains and excessive trust – and poor digital hygiene, including password reuse and the absence of two-factor authentication systems.
AI Reshapes the Threat Landscape
Artificial intelligence is emerging as a transformative factor in cybercrime, and Pérez Rodríguez is direct about its implications for the sector:
“Artificial intelligence represents a qualitative shift in the cybercrime landscape.”
— Coronel Jorge Juan Pérez Rodríguez, Head of the Cibercomandancia, Guardia Civil
AI-enabled tools can generate highly realistic fake content, automate phishing campaigns, and refine fraud schemes in real time. Yet the Colonel frames the technology as inherently dual-use:
“Artificial intelligence is simultaneously a risk and an opportunity: a risk due to its potential criminal use, but also an opportunity to strengthen the capabilities of security forces in the fight against cybercrime.”
— Coronel Jorge Juan Pérez Rodríguez, Head of the Cibercomandancia, Guardia Civil
“The key lies in anticipating, adapting, and maintaining a permanent capacity for innovation.”
— Coronel Jorge Juan Pérez Rodríguez, Head of the Cibercomandancia, Guardia Civil
Collaboration Through the DGOJ
On the question of public-private cooperation, Pérez Rodríguez notes that coordination between security forces and online gaming operators is currently channeled primarily through the DGOJ – Spain's gaming regulator. He acknowledges, however, that there is potential to strengthen direct channels with operators to accelerate investigations and reporting of incidents. The DGOJ's recent research funding into gaming disorder prevention illustrates how the regulator is expanding its role as a bridge between government priorities and operator obligations.
Implications for Operators and Compliance Teams
The presence of the Cibercomandancia chief at Bet on Ceuta sends a clear signal: cybersecurity in online gaming is no longer a purely technical concern – it is a regulatory and law enforcement priority. For compliance officers and operators, the emphasis on human-vector attacks should prompt a hard review of internal training programmes, not just infrastructure audits.
The observation that AI is already being weaponised to automate phishing and fabricate convincing fraud scenarios raises an urgent question for product and security teams: are existing KYC and fraud detection stacks designed to handle AI-generated threats, or are they calibrated for a pre-AI threat model? This concern is echoed across the industry — European regulators convening to address AI-powered illegal gambling have identified the same accelerating threat vectors. The acknowledged gap in direct operator-law enforcement communication – currently routed through the DGOJ – also suggests that operators seeking faster incident response may need to proactively build those relationships rather than wait for a formal framework to develop.
According to AzarPlus.
