Security Isn’t Just a Hobby for Gaming Companies
By Joel Sivan, Head of Customer Success and Professional Services, Rezilion
Back in the 90s, gaming companies were mainly occupied with physical security and less with cyber threats. With single-player PC games or consoles like Sega, Nintendo, and PS1, the only perceived threat to gaming companies was someone burning CDs or using the notorious modchip that allowed potential customers to use illegal copies of their favorite games.
As technology advanced, gaming companies offered their customers a much richer experience. Four players could play simultaneously over a LAN, and games like Battlefield 1942 and Counter-Strike increased the popularity of gaming and introduced users to a borderless world where they could play from multiple regions over WAN.
This technological advancement was a blessing and a curse. We rarely hear about packet loss, slow ping, and software crashing anymore; however, threats like Fortnite hackers and crypto miners taking over computers hosting gameplay have replaced those inconveniences. Hacking and ransomware attacks against top gaming companies like Electronic Arts, Ubisoft, and Nintendo are now part of everyday reality for company CISOs.
In some ways, gaming companies face threats like every other industry, but they have a number of unique factors that make them more likely targets. Unlike other organizations, gaming companies host servers that connect to millions of users at once, where the users are not only querying data but also ingesting data in formats like audio, chat, and video. Giving customers the integrated experience that they expect means multiple entry points like UDP ports and other communication services need to be exposed. Additionally, for this operation to keep going, video games store PII and credit cards which only increases the potential gain for hackers and, therefore, the potential for attacks.
Another factor that raises the threat profile of gaming companies is their audience. Gamers and hackers overlap in many ways, such as advanced knowledge of IT and even coding. It’s therefore no surprise that sophisticated cybercriminals would be eager to hack companies with endless numbers of externally facing assets and operating in a market worth 178 billion dollars (Clemenet, 2021). APT groups are happy to promote their campaigns and success in hacking platforms used by millions of users, particularly when those multiplayer video games often have monetization elements where virtual assets can be purchased with real money.
So as someone responsible for securing a gaming platform, what should you do?
1. Enforce your pipeline – If your code is developed in an ad hoc manner, it’s harder to detect anomalies before or after release. With an enforced pipeline, you can implement secure development tools and processes to ensure that no vulnerable image or code finds its way to production.
2. Eliminate your code debt – Over time, images get overloaded with unused code from third-party libraries and past releases. Product security should make sure to map the code running in production and understand if it’s needed to run or not. A potential breach may occur from a legacy vulnerability that was there since v1. This code may be unnecessary for users to enjoy your first-person shooting or soccer game, but it could still lead to potential issues.
3. Deploy a mature vulnerability remediation pipeline – If you are not sure how, read our article on exactly that topic.
4. If you can’t remediate it, then mitigate it – Many mid-size businesses and above spend a fortune on compensating controls. However, your firewall and IPS/IDS may come from different vendors and thus require integration. Spend time integrating all of your compensating controls and ensuring that you have shortlisted the vulnerabilities you cannot remediate. Stay on top of vendors’ disclosures and use products that can help you mitigate vulnerabilities before they are released to production.
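The four steps above combined into one release gate, as an added example that is not code from the article or from Rezilion. The package names, the VULN-… ids and the assumption that a runtime agent reports which packages are actually loaded in production are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    vuln_id: str          # constructed placeholder, not a real advisory id
    package: str
    fix_available: bool

def triage(finding, loaded, mitigations):
    """Map one scanner finding to the action the four steps call for."""
    if finding.package not in loaded:
        return "remove-package"      # step 2: unused code, strip it from the image
    if finding.fix_available:
        return "patch"               # step 3: remediate before release
    if finding.vuln_id in mitigations:
        return "mitigated"           # step 4: documented compensating control
    return "needs-mitigation"        # step 4 not done yet: no fix, no control

def release_gate(findings, installed, loaded, mitigations):
    """Step 1: the enforced pipeline calls this and refuses to ship on False."""
    decisions = {f.vuln_id: triage(f, loaded, mitigations) for f in findings}
    report = {
        "decisions": decisions,
        # Installed but never observed loaded in production: code debt.
        "unused_packages": sorted(set(installed) - set(loaded)),
        "blocking": sorted(v for v, d in decisions.items() if d != "mitigated"),
    }
    return not report["blocking"], report

# Constructed sample data for a hypothetical game-server image.
INSTALLED = {"netcode", "voicechat", "legacy-lobby", "imgcodec"}
LOADED = {"netcode", "voicechat"}
FINDINGS = [
    Finding("VULN-0001", "legacy-lobby", True),
    Finding("VULN-0002", "netcode", True),
    Finding("VULN-0003", "voicechat", False),
    Finding("VULN-0004", "voicechat", False),
]
MITIGATIONS = {"VULN-0003": "IPS rule on the voice UDP port"}

if __name__ == "__main__":
    ok, report = release_gate(FINDINGS, INSTALLED, LOADED, MITIGATIONS)
    print("release allowed:", ok)
    for vuln_id, action in report["decisions"].items():
        print(f"  {vuln_id}: {action}")
    print("unused packages:", ", ".join(report["unused_packages"]))
```

A finding in a package that is never loaded is routed to removal rather than ignored, which matches the point in step 2 that legacy code can still cause issues even when players never need it.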
Because of video gaming’s popularity, video game companies and their customers are simply at higher risk for hacking, ransomware attacks, and data loss. In order to protect your business and customers from these vulnerabilities in the future, you need to take steps now. Rezilion helps level up your cybersecurity with solutions that help you minimize threats. Ensuring that your company isn’t compromised in a hack or ransomware attack is the key to ensuring it doesn’t suffer significant financial or reputational losses realized by countless other companies. Contact us today to learn how Rezilion can help keep you in the game.