A fresh outlook on how cybersecurity can help the gaming industry combat evolving threats
With the upswing in the entertainment business, we must acknowledge the evolution of the gaming industry from video games to online games and the serious money involved. The global gaming market is forecast to be worth USD 256.97Bn by 2025. It is no surprise that this industry has attracted cybercriminals and has become an emerging hacker surface with nearly 10Bn credential stuffing in the gaming sector between 2018-20 as per the Akamai report –State of the Internet/Security report, Gaming: You Can’t Solo Security. Cyber-attacks have spiked amid the lockdowns as people got stuck and turned towards entertainment. To serve their large customer base in a short span of time, gaming organizations have become vulnerable to attacks by running too fast on their architecture and network.
The Ongoing Cyber Attacks
Late last year, a leading manufacturer and distributor of electronic game machines were targeted with a ransomware cyber-attack that compromised more than 300,000 personal records. In February 2021, another leading gaming organization announced that a cyber-attack had been carried out on its internal network. On refusing the ransom demanded by the hackers, the data was auctioned on the dark web. The recent attack in April 2021 on a major online game publisher, with more than 700GB of data stolen, is a testimony that as the gaming companies have grown, the cyberattacks have also increased.
Between 2019 and 2020, there have been more than 3,000 DDoS attacks against the gaming industry. Local File Inclusion (LFI) was a notable attack vector, where the attackers set up fake but believable messages and sites about gaming. The objective is to trick gamers into signing in with and revealing their login credentials, which can expose player and game details that can ultimately be used for exploitation.
Understanding The Risks
Games customized for smartphones and tablets are generally lightweight as compared to the ones built for PCs and consoles. Hence, there is a high likelihood of security measures being overlooked during the development phase. It has been observed that there is an increase of alternate versions of these games built by the malicious actors on third-party app stores since such stores may not have stringent security requirements. Such alternative apps often pose security risks. These appear to be legitimate versions but have malicious code injected into them which may enable it to gain access to the data on their mobile devices. Nowadays with work from home as the new normal, mobile devices may be used for both personal and official reasons, therefore malware may be a threat to not just your family but also your organization. With mobiles being hacked, a threat actor could gain access to the organization’s infrastructure and carry out a larger attack.
Now with 5G and pervasive immersive technologies, there is going to be a steep rise in cloud-based gaming, enabling Augmented Reality (AR) and Virtual Reality (VR) to go well beyond limitations posed by the existing technology. As 5G is ready to change the overall gaming experience with its record-breaking speed, it has also increased the attack surface for far more hostile agents by replacing hardware components that had the potential to halt malicious cyber-attacks with the software.
Therefore, it is the need of the hour for organizations to have a proactive, pragmatic, strategic, and agile approach that ensures that the significant risks confronted by the gamers and the respective gaming companies are timely mitigated through appropriate security controls. To drive this, it is imperative for gaming organizations to invest in cyber resilience. The spectrum of cyber resilience is described as the ability of an organization to prepare, respond, recover and adapt when cyberattacks happen and limit the effect of the attack knowing their crown jewels, proactively identifying the threats vectors, have a deep understanding of risks, and bring cybersecurity into the planning stage of every new initiative.
The Gaming industry will continue to grow, the gamers who are young and come on the platform to play should not constantly worry about their data; hence it is of utmost importance for the organizations to strengthen their resilience against cyberattacks and provide a trusted and safe platform to play in. The organizations can take advantage of a ‘security by design approach to navigate risks in transformation, product, or service design at the onset – instead of as an afterthought, and enable trust in them so that organizations can take on more risk, lead transformational change and innovate with confidence. Cybersecurity must have a seat at the leadership table. There is a golden opportunity for organizations to put enhanced cybersecurity and privacy at the heart of their strategy for competitive advantage and differentiation.
The author Kunal Bhatia is partner at EY Cybersecurity