Presented by Akamai
With real money to be stolen, games are a primary target for attackers. How do you protect your game and users from threats without impacting game performance? Join GamesBeat’s Dean Takahashi and others to learn how to effectively thwart cybercriminals of every stripe in this VB Live event.
Games today have become a particularly rich hunting ground for cyber criminals. From November 2017 to March 2019, gaming websites were impacted by over 2 billion credential stuffing attacks, and threats like SQL injection and in-game fraud are rising.
“Money is constantly going in and out of games, and a lot of money being made in general,” says Jonathan Singer, Senior Manager, Global Games Industry, at Akamai Technologies. “It’s not just that gamers are known for being big spenders, but the amount of money that the industry itself makes brings it more and more to the attention of folks outside of the industry.”
A great example of this is last year’s Red Dead Redemption 2 launch, which generated $725 million in the first three days of release, the best opening weekend in entertainment history. That kind of money perks up the attention of cybercriminals.
“The thing is, all games companies are aware that there are significant security risks out there — if you run a games company, you know about DDoS attacks,” Singer says. “Readiness and capabilities are highly dependent on the company itself and how it’s resourced. Sometimes sitting tight is the only strategy a company thinks it can afford.”
The biggest gaming companies have massive multifaceted security teams, or have built their own security technology, their own anti-cheat, their own monitoring software.
“But other companies might not have those resources, and so might not be ready for all the threats,” he explains. “Maybe they’re not ready for anything. Maybe they’re just ready for the threats they think they can afford to be ready for. And some threats, even if you’re really well-resourced, are just horrible to deal with. I don’t think there’s a security team out there who’s saying, now we’re all set and we couldn’t be more ready.”
There are four number-one things companies should do immediately to defend themselves against attacks, Singer says.
If you have a game out there, go back and recode or code your login page or your APIs according to OWASP Reverse Engineering and Code Modification Prevention Project best practices. Then do a penetration test on your login endpoints from a reputable provider. Two, and it’s big obvious one, use anti-DDoS protection. The third number-one thing is to use a bot management solution, especially if you tie value to player accounts. And the fourth number-one thing, is to use an identity as a service provider that will manage your identities for you in a secure and reliable manner.
“If you make games, you want to spend your time and your money making games, and not designing security protocols from scratch,” Singer says. “Security is always a game of risk management. You need to decide, as a company, where are you spending your money, where are you risking money, where are you risking reputation, and where do you want to place your risk when it comes to controlling your security vulnerability.”
To join the conversation around the risks facing the games industry at every level, what the fashionable cybercriminal has got in their attack tool belts, war stories, and successful best practices use cases, join this VB Live event!
Don’t miss out!
- How to protect your game and players from a growing amount of online security threats
- The latest trends in credential abuse and account hacks in gaming
- How web attacks are evolving and where they are headed in the future
- How to integrate security best practices with the rest of the game for best performance
- Jonathan Singer, Sr. Manager, Global Games Industry, Akamai Technologies
- Scott Adams, Founder & CEO, FraudPVP
- Lonnye Bower, COO, ProbablyMonsters
- Steve Ragan, Sr.Technical Writer, Akamai Technologies
- Dean Takahashi, Lead Gaming Writer, VentureBeat