The Gaming industry is worth over 120 Billion globally and will be worth over 200 Billion by 2023. Most gaming providers are now cloud providers that provide an application online that we subscribe to or buy and keep using frequently. We use games as a form of entertainment, to pass the time and also to socialise and collaborate. There are many other uses, but this article will focus on the cybersecurity aspects of this industry.
It is common knowledge that you need to protect your account when playing games as the account that you use to log in is the account that is used to save the data for the game that you play. In many cases, the games that you play have many hours of gameplay, and this also can equate to a monetary value that has some worth. Account farming and mining is a well-known practice where others play the game on your behalf in vast manual farms or automated mining systems to level up the user and get them the coin and gold needed to advance in the game. Some users, when playing the games, gain artefacts that can take 100s of hours to gain, thus pushing the value of these artefacts up.
In practice, in-game artefacts have real-world value, and along with these artefacts, you end up with street cred or a reputation amongst the clans and groups that you play with. This reputation can take years to build. In short, gaming is like a hobby that you invest in, and your digital media, skins, gold, coin and credit, along with the reputation, is like a second life in digital format. It is common to link these accounts to social media and then to use the social media avatar to wander around lobbies and games to interact with others and play the game under that profile.
You can quickly draw the conclusion that in many cases, the gaming industry is as advanced as the corporate environments we all work in, but one question stands, is it safe and is cybersecurity taken seriously?
Cybersecurity risks gamers should be aware of
When surveying the top 50 games in 2020-2021 it was found that only 24% of the games in the sample had any reasonable level of cybersecurity applied; in many cases, all you needed to play was any social media account or any username and password. It was apparent that anyone could play, and anyone could easily reach out to anyone else, and there was no form of identification or validation.
There are hundreds of thousands of users whose accounts have been hacked and their valuable artefacts used in a ransom type of attack or their items sold to the highest bidder both on the clear web and on the dark web on markets that specialise in this type of sale.
Millions are being made, and, in 2021 alone, over 100 million USD have been traded in stolen artefacts and the number is growing. This could have been stopped by the gamers using multi-factor authentication (MFA) and in many cases, the vendors supply MFA but are just not turned on for the gamer.
Microsoft is leading the charge as the solution is to enable multi-factor authentication (MFA) and then to check the user, but they are moving quite slowly as they don’t want to annoy their userbase. Thus Microsoft has been working on passwordless authentication along with companies like GetIDEE, who is removing passwords from the equation. They are now deploying innovative solutions that authenticate users in a multi-layered app that checks that the user is ‘real’ and let them in dynamically if it’s sure they are authentic.
The challenge then will be that the accounts have such high value that the hackers attack the gamers whilst they are playing by hijacking them whilst in the game, similar to hijacking a car when it’s being driven because they can’t steal the keys or break-in. So gamer hijacking is going to become a ‘thing’ as MFA gets rolled out.
Online gaming cybersecurity solutions
Now you probably wonder what’s the solution? Well, what man can make, man can break, so we can only do our best. Soon passwords will disappear, and then conscious automation of the gamer is done using gamer gameplay dynamics which detects how the user is playing the game to identify them so that hackers can’t steal their account and credentials.
ENHALO is already working on this with several world-class gaming vendors to develop dynamic systems to detect the gamer and only allow that individual to play. As a new gamer sharing the account is detected, we send the first gamer a request to approve the new gamer to be merged into the profile or to create a new profile.
Today, gamers are losing their shirts to hackers and hours of gaming and digital goods are being stolen, translating to a loss of real money as digital is the new gold. So defending against these attacks and defending your identity is key to preserve all those precious hours and digital gold.
