“It’s all fun and games until someone loses an eye or our system gets compromised.” – Some cloud gaming executive (probably)
The video game industry is expected to hit $196 billion in 2022, and enjoyed by nearly 3 billion users. A market this size makes attacks on game companies irresistible, whether it’s for the challenge, street cred, money, or a combination of all three.
A successful attack on a high-profile game would make an attacker notorious amongst their peers, putting game companies at higher risk of more complex and frequent attacks.
Gaming gone mainstream
The pandemic saw more people engaging with online gaming for the first time, or increasing their playing time online, and games have moved toward mobile platforms and massively multiplayer titles.
Gaming, once an activity geared towards children, suddenly became mainstream.
According to Gartner :
- Adults between the ages of 45 and 54 increased their gaming time by 59% over the last year, while their dollar spend rose by 76%
- For the 55 to 64 age group, time and money spent jumped by 48% and 73%, respectively
Gartner further reported that games such as Fortnite and Animal Crossing flew off physical and digital shelves, and even Xbox “reboxed” consoles as part of a campaign to help senior citizens and young people come together through gaming.
Criminals are no longer just NPCs
Unfortunately, that success has painted a target on the industry that hackers and cybercriminals can’t resist. Attackers know that gaming companies are reliant on a complex web of cloud infrastructure that must stay online in order to stay in business.
This means attacks are likely to continue at a faster pace. As an example, Akamai reported the video game industry suffered more than 240 million web application attacks in 2020, a 340% increase over 2019.
If an increasing cadence of attacks wasn’t enough, gaming companies have unique challenges with compliance issues when compared to other industries. Most game titles are globally distributed and different countries have varying compliance requirements, meaning safeguarding customers’ personally identifiable information (PII) including user data and payment details.
Grab a health pack
Although video game cloud security can be as difficult as some of the games out there, we’ll let you in on a little cheat code: Lacework.
Continuous visibility across their quickly changing cloud environments is essential to spot both known and unknown threats, especially for game builders that quickly develop and publish games.
The Lacework Polygraph® Data Platform provides visibility and insight into the security risks and threats that gaming operators struggle with as they strive to protect their players. By using a combination of AI and machine learning, Lacework continuously monitors for anomalous behavior, alerting to those activities unusual for your cloud environment.
No rules, rules!
Lacework employs an anomaly-based security approach, which scans for both known CVEs and unknown threats and vulnerabilities that could result in large scale compromises such as user data breaches, IP theft, and ransomware.
Only Lacework can collect, analyze, and accurately correlate data across an organization’s AWS (including ARM Graviton2), Microsoft Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter.
Additionally, Lacework’s comprehensive configuration compliance monitoring tools for security practitioners and DevOps teams help detect IaaS account configurations that violate several compliance standards and security best practices that could put your infrastructure and customer data at risk.
To learn about it in more detail, download our ebook, “Game on: Don’t play around with cloud security.“
Article Link: Gaming and cloud security, don’t get played