The video game industry is being targeted more than ever by cyber attacks, taking massive financial and reputational hits every day. But there are increasingly sophisticated ways to lock out the hackers, keep your users safe, and your intellectual property secure. Catch up on this VB Live event to learn more!
Hackers go where the money is — and right now, the games industry is booming. In 2017, the global games market generated $116 billion in revenue – with 43 percent of that, or $50.4 billion, coming from mobile games. Developers are finding themselves more and more vulnerable to concentrated attacks which have increasingly far-reaching consequences, say Ryan Safarian, VP of engineering at JumpRamp Games and Arash S.Haghighi, manager of infrastructure at Smilegate West.
The hidden consequences
“The revenue impact [of cyber attacks], depending on who you ask, is always going to be the biggest risk to any of your business,” Safarian says. “And there’s major impact to your hardcore players who are dedicated, whose trust you’ve earned.”
It’s far more cost effective to retain rather than acquire brand-new users. To keep your core user base satisfied, you’ve got to ensure that their session and their app is completely unmolested, and they have a very steady and consistent experience. Any disruption is going to send them screaming out the door.
“Of course you’ll have players and customers complaining, and it’s really dangerous for your business,” Haghighi adds. “If compensation comes from your competitors, or they convince your users they’re safer, then your users will go to them.”
But the new user acquisition funnel is going to be hit hard as well, and that’s often the trickiest, and most expensive, impact to bounce back from. Very few games have that sweet viral pull, which means you’re constantly purchasing and acquiring new users from various different pipelines.
In the wake of a cyber attack, the revenue impact on new user acquisition is profound, Safarian explains.
“When an attack occurs, you have to suspend your new user acquisition funnels, which immediately throws off all your third-party analytics and data,” he says. “If your application is at a standstill, or it’s at a halt, you’re now essentially triggering off a series of events that will take a long time to recover from.”
When conversion rates completely dip, you sink way down on the chart immediately — and regaining your original numbers is an incredibly expensive uphill battle.
The loss or exposure of personal information is also a huge danger, both in terms of reputation and the risk you expose your company to, Haghighi says. Hackers can leak that information, opening you up to lawsuits, or use that information as leverage against your company.
But there’s also a deeper business impact, as far as third-party relationships. JumpRamp, for example, has relationships with Hasbro and MLBPA, which require specific efforts to secure and protect the storage and transmission of personal identifiable information.
“If there’s any kind of misstep, all of a sudden that relationship dissolves,” Safarian says. “It’s a major detriment to that contract.”
Can they be stopped?
Are cyber attacks preventable?
“That’s a loaded question,” says Safarian. “I’m just going to flat out say no, you can’t prevent it. If you have any endpoint, any API, whether it be restful or not, you are essentially available for an attack. There’s a liability there. There’s always going to be a bad actor out there that’s going to try to attack your system, so you can’t prevent it, in my opinion.”
“Security’s not 100 percent,” Haghighi adds, “which means that even if you try to protect as much as you can, there are always new ways, new technologies, and new areas to leak. It will happen.”
But that doesn’t mean an attack will — or should be able to — bring you down, they both say.
The most critical steps are to lessen your attack surface area, use best practices, build guard rails around your most critical systems, and power-up your threat detection.
That means that you have to know your game architecture, Haghighi says. You have to know your service architecture, and your organization architecture, and working data flow.
You particularly need to keep an eye on your ingress and your egress, Safarian says. You want to get a solid understanding of what your activity cycle looks like over a set period of time, as defined by your business, whether it be a session, a day, a week, a month, and so on. What are your peaks? What are your valleys? What do things look like over the course of a typical day?
That offers a powerful baseline to work from, they explain, enabling you to build predictions around what legit activity looks like, and flagging hostile actions immediately.
“At the end of the day, you don’t know what you don’t know,” Safarian says. “The more detail that you have around the transactions that are going in and out of your system, the more educated and the more prepared you’re going to be to detect these attacks and defend against them.”
For more in-depth discussion and insight from digital security experts on how to shore up your attack detection, ensure hackers aren’t successful, and reassure your users that they’re safe, don’t miss this VB Live event!
You’ll learn about:
- How to prevent data breaches, SQL injections, cross-site scripting, remote file inclusion, and other cyberattacks.
- Integrating cloud and on-premises solutions
- How to handle larger, Internet-scale attacks
- Preventing the reputation hit that hacked accounts or downed sites bring
- Ryan Safarian, VP Engineering, JumpRamp Games
- Arash S.Haghighi, Manager of Infrastructure, Smilegate West
- Dean Takahashi, Lead Writer, GamesBeat, VentureBeat
- Rachael Brownell, Moderator, VentureBeat
Sponsored by: Akamai