Howard & Howard Attorneys: Keeping cyberattacks at bay in the gaming industry
Rita W. Garry, JD, CIPP/US of Howard & Howard Attorneys, returns to the Gaming America pages to discuss minimizing the risk of cyberattacks across the industry.
Gaming is everywhere. Cybercriminals are everywhere all the time. In a $300bn industry working across multiple forums – casinos, mobile apps, iGaming, PCs, esports betting, to name a few – the cyber risks seem endless, inevitable, expensive and unpreventable. Yet everyone tries to limit the risks to protect player data and revenue streams, maintain brand reputation, enhance player engagement, avoid regulatory fines and civil litigation. Generally, they want to be a good partner in a complex ecosystem of owners, operators, developers, service providers, regulators, players and guests.
With vast quantities of personal data and meaningful financial transactions, it is not hard to see why the industry is a popular target for cyber criminals executing data breaches, ransomware attacks, account takeovers, phishing scams and social engineering, fraud and cheating software. The criminals exploit vulnerabilities in game infrastructure, networks, databases and online communication platforms, and take advantage of all potential weaknesses. So, the work must continue and be ongoing to proactively measure and mitigate cybersecurity risks.
Best practices
The first, and arguably most important, step is to honestly assess your organization’s physical and digital environments; and how data enters and exits those areas (identify attack surfaces), categorize the data flow types (confidential, personal, nonpersonal), and identify the parties with access and rights to use the data (employees, players, third-party contractors). This big-picture viewpoint will help make choices about cybersecurity strategies more contextually purposeful. Here are several essential strategies:
Adopt strong authentication methods
Ensuring players use strong authentication protocols is one of the first steps to prevent account takeovers and data breaches. Multi-factor authentication (MFA) is one of the most effective ways to secure accounts. By requiring an additional layer of security, such as a text message code or authentication app, developers can make it more difficult for attackers to gain unauthorized access to player accounts. Additionally, game development should include strong password protocols.
Implement robust data encryption
Player data, including personally identifiable information (PII) and payment details, should be encrypted both in transit and at rest. SSL/TLS encryption should be used for secure communication between gaming servers and clients, ensuring any sensitive data transferred over the network remains protected.
Regularly update and patch systems
Outdated software, including game servers and related applications, can have known vulnerabilities that attackers can exploit. Developers should regularly update their systems and promptly apply security patches to fix any identified weaknesses. This is particularly important for online multiplayer games, where vulnerabilities in servers or game clients can be leveraged for attacks like ransomware or exploits that allow cheating. Security updates should also be integrated into gaming platforms (e.g., Xbox, PlayStation, Steam) to prevent malicious software or hacking tools from gaining access through third-party applications.
Utilize anti-cheat technologies
One of the persistent challenges in gaming is combating cheating. Cheaters use tools to exploit game mechanics, undermine gameplay and gain an unfair advantage. This not only affects gameplay quality but can also expose gaming systems to cyber risks, such as malware that infects the game client or server. To address this, developers should invest in anti-cheat technologies to detect and prevent cheating software. These tools can identify suspicious patterns and behaviors associated with cheating, including aimbots, wallhacks and other exploits, and prevent players from gaining an unfair advantage.
Certify to a security standard
Undertaking certifications to relevant cybersecurity frameworks – NIST Cybersecurity Framework, ISO/IEC 27001, PCI DSS, SOC 2 – helps organization identify their assets, implement controls to protect those assets, standardize communications, and gain discipline in regular monitoring and improvement. Regular security audits can identify vulnerabilities in game architecture, require routine assessments, penetration testing, vulnerability scanning and code review.
Educate players
While developers play a critical role in protecting game infrastructure, players also have a responsibility to safeguard their accounts and personal information. Game companies can provide players with education on safe gaming practices, such as recognizing phishing attacks, using unique and strong passwords, and reporting suspicious behavior. Educational materials should also explain the importance of never sharing account credentials, using secure payment methods for in-game purchases and remaining vigilant against social engineering tactics used by cybercriminals.
Deploy Threat Intelligence Tools (TIPs)
TIPs are software platforms that collect, analyze and provide actionable data about cyber threats and vulnerabilities. TIPs provide various types of intelligence – strategic, tactical, operational – align decision making, understand cyber criminals’ tactics, techniques and procedures, and provide real time threat alerts to mitigate loss and speed up response time.
Implement secure payment systems
Given the high volume of in-game purchases and virtual currencies, ensuring secure payment systems is vital to minimizing fraud and financial attacks. Developers should integrate trusted and secure payment gateways, such as PayPal, Stripe, or Apple Pay, and ensure they comply with payment card industry data security standards (PCI DSS).
Capitalizing on the above strategies will ensure a proactive approach with maximum vigilance. The defense never sleeps when the threat is ever-present.
Tags/Keywords
Players trust our reporting due to our commitment to unbiased and professional evaluations of the iGaming sector. We track hundreds of platforms and industry updates daily to ensure our news feed and leaderboards reflect the most recent market shifts. With nearly two decades of experience within iGaming, our team provides a wealth of expert knowledge. This long-standing expertise enables us to deliver thorough, reliable news and guidance to our readers.
Latest News
