Blog Credit: Trupti Thakur
The gaming industry has evolved by leaps and bounds from the time of arcade games to mega multiplayer games such as Fortnite, FIFA 17, Call of Duty, GT Sport, Metal Gear Solid, and PUBG. From video games to online gaming, gaming platforms have evolved a lot to offer browser and app-based games on Windows, macOS, Android, and iOS, various gaming consoles such as Xbox, PlayStation, etc., and casinos. The industry has grown tremendously and there is serious money involved. Gaming industry revenues are predicted to touch 180.1 bn by 2021. Gaming has created such a craze that media giants such as Netflix consider Fortnite to be a bigger competitor than HBO. This is a valid concern with billions of people across demographics engaged in gaming globally. It is no surprise that such a lucrative industry has caught the eye of cybercriminals. Predictably, the gaming industry has been plagued by cyberattacks, with hackers carrying out 12 billion attacks in just 17 months according to an Akamai report!
“The online gaming community will be an emerging hacker surface, with cybercriminals posing as gamers and gaining access to the computers and personal data of trusting players.” (2019 Experian Data Breach Industry Forecast)
The stakes are high
The gaming industry is sitting on a hotbed of coveted data: vast amounts of personally identifiable information (PII) and credit card information of gamers worldwide. It’s the responsibility of the industry to protect this information and ensure that its platforms are a safe environment for gamers.
As evidenced by other industries such as banking and retail, the impact of a customer data breach can be far-reaching. Other than making gamers vulnerable via disclosure of sensitive personal data, gaming companies themselves are at risk of financial and reputational damage. Regulations around privacy and personal data protection are also becoming increasingly stringent to protect gaming companies, gamers, financial institutions, and taxpayers. For instance, the gaming industry is required to comply with the global Payment Card Industry Data Security Standard (PCI DSS), which requires that gamers’ credit card details are kept secure. The GDPR (General Data Protection Regulation) gives supervisory authorities the power to fine non-compliant organizations €20 million or 4% of global annual turnover, whichever is greater. Various local regulations also require that gaming transactions can be audited.
However, the most significant impact of a breach is on customer trust. Gamers often spend a lot of time and money to build their online identity, making it a valuable asset that must be protected. Even if a game does not pay out real money, virtual assets in multi-player online games can often be sold for hard cash. Heavy users and high rollers increasingly expect gaming companies to protect their identities and therefore their assets. A breach of this trust can cause irreparable damage to customer loyalty. The answer to a secure and trustworthy system lies in a strong cybersecurity approach.
Protecting the turf with cybersecurity controls
Recent checks have discovered several vulnerabilities in large gaming platforms that leave user data vulnerable. According to the ThreatMetrix Gaming and Gambling Cybercrime Report, approximately 5% of new accounts created on online gaming sites are connected to a fraudster. And hackers are coming up with new strategies! In a creative hack of a popular game, young players were being taught to hack others’ accounts to collect rare and valuable skins, a breach that has led to a class-action lawsuit against the gaming company.
In a world where cybercriminals are getting bolder (think a billion data records released on the dark web by a hacker), it’s imperative that gaming companies invest in and make use of the right security controls. The industry should adopt cybersecurity in the entire lifecycle of game development and deployment along with the platforms on which these are used. High-level guidelines to achieve better security assurance:
- Enable multi-factor authentication to protect against identity theft
- Comply with PCI DSS and institute safe online payments to protect financial information
- Ensure confidentiality of databases to protect sensitive information from being disclosed to unauthorized parties
- Put a stop to back-dating fraud
- Ensure protection against DoS and DDoS attacks that disrupt gamer experience by breaking connectivity
- Ensure that security is embedded in the entire lifecycle of game development, release campaigns, marketing, etc.
- Protect against in-game phishing that usually happens via the messaging feature within the games
Wipro has been working with several gaming clients to build and strengthen cybersecurity. With our vast experience in various verticals that have higher risk potential and our best-in-class security offerings, we can partner to provide higher cybersecurity assurance to gaming companies. Our Cybersecurity and Risk Services (CRS) practice helps customers define their cybersecurity strategy and needs, incorporating best-recommended practices across the people, process, and technology platforms.
A safe space
At the end of the day, people indulge in gaming for entertainment. If it becomes a threat to their financial and reputational well-being, they will shy away from it and seek other, safer modes of entertainment. To prevent such a scenario, the gaming industry needs to bake cybersecurity into the software, hardware, and networks, with stronger authentication and other security controls to make it tougher for attackers to take over. Finally, a large number of gamers are young players with limited understanding of security practices. It’s a moral responsibility of the industry to provide them with a trusted community to play in.