From Developer to End User: Why Cybersecurity in Gaming Must be A Team Effort

Gaming certainly isn’t what it used to be, and as it storms increasingly into the mainstream, there’s one thing that the gamers of the world need to keep front of mind: security. Writing exclusively for TheGamingEconomy, Paul Lipman (pictured below), CEO, Bullguard, explains why the risks are greater than you think, and how tackling cybersecurity in gaming needs to be a team effort.

Not long ago the term ‘gamer’ evoked images of a young man, perhaps holed up in his parents’ basement with a headset on and soda cans strewn about, glued to his couch as he played never-ending fantasy games on a PC or TV monitor.

Today that image couldn’t be farther from the reality of the average ‘gamer,’ thanks to the ubiquity of gaming and mobile devices. Now 41% of gamers are women and their average age is 44. People play all kinds of games on their mobile devices and PCs and do it while standing in line, working, waiting for carpool, or on the weekends as recreation. Gaming has folded into our lives in the same way our smartphones have.

The online gaming industry remains one of the fastest growing in the world. A cash cow for mobile and PC alike, revenues are predicted to top USD$230bn (£175bn) over the next four years. The portability of gaming means users can engage nearly anywhere. Game developers are integrating the latest technology features to reach new audiences and monetise activity. Underneath all of this interaction lies a more sinister threat, as the risk of cyber attacks grow exponentially.

The inherent vulnerability of gaming

Cybersecurity can feel off-putting to gamers who want to focus on gameplay, particularly when it requires regular updates that slow down a computer or device and impede using the game.

As games grow more and more sophisticated, with ongoing and encouraged social elements at every level, the value of the game lies in its speed and its ability to transport the user out of the physical world and into the virtual world. When engrossed in a game in virtual land, no one wants to talk about security.

In addition, the social and network aspect of games allows malicious cyber threats to quickly take root and spread. In highly interactive games, especially those with teams and chat capabilities, it’s all too easy for users to share or gather too much information. Bonds formed between team members lead users to feel comfortable sharing their real identities, locations and more personal information, putting them at greater risk of malicious use of their private information.

Paul Lipman, CEO, Bullguard

Account takeover (ATO) is spreading speedily across the gaming space. When gamers dedicate significant time and resources to master a game and level up through the ranks, their accounts and the progress linked to them are leverage enough for hackers. Essentially, accounts can be held hostage until the user agrees to some type of crypto payment to restore the account they worked so hard to build. “League of Legends” suffered many all-too-common cases in which hackers infiltrated legitimate user accounts and posed as friends to those on their virtual team, sending spammy messages with links to seemingly free virtual assets needed in the game. These links rerouted users to phoney websites designed to look like the game’s site and asking for login credentials. Rather than gain access to free content, user information is phished and they are left vulnerable to potential ATO themselves. This kind of fraud is disruptive to players and detrimental to game developers.

The platform does not guarantee protection

Gamers by and large, trust the platforms and publishers to manage security from their side, but this isn’t always the case. In fact, platforms often suffer vulnerabilities from gamers themselves. Niantic recently reacted to just that in a relatively drastic way. After an update in August, many “Pokémon GOusers found themselves locked out of their accounts when developers used storage read permissions to scan user storage for evidence of rooting. User’s accounts were locked if developers found any file relating to rooting in their internal storage – a common tactic for cheating on Android mobile devices.

The massive hype of new games and new features mean gamers clamour for the latest and greatest in online and mobile gameplay. This desire to experience games before they are released or become available on certain platforms inspires users to scour the internet looking for links to sample gameplay or illegal downloads, an easy place to hide malware.

Popular game Fortnite may have started a new trend by not releasing the Android version of the game through the Google Play store, instead offering it as a download through parent company Epic Games’ site. This is causing significant security concerns as users have to disable a key security feature in order to load the game. Many may not think to re-enable the security feature again, a fact that scammers are poised to exploit.

Security is a team effort

With the constant shifting of threats it can feel like cybercriminals are always one step ahead of any security measure, but in truth, smart cybersecurity features prevent the vast majority of threats from causing harm. To be truly safe, the effort has to be collaborative between gaming developers, cybersecurity vendors and end users themselves.

Developers should consider security a game feature from the ground up, and use security requirements as a gateway to gameplay. Marketers can support this effort by hyping security features and encouraging users to take advantage of them to unlock additional features of the game – adding an element of gamification to the security measures themselves.

Gamers – often among the most tech-savvy users – should make a concerted effort to keep software and devices up to date with the latest security measures. It’s also time to drop the notion that security features impede gameplay, as that does not have to be the case.  Security vendors have made a considerable effort in the last few years to add game-boosting features to their solutions, allowing users to have an immersive and uninterrupted gaming experience without having to disable security features.

As cybersecurity continues to improve and boosts gameplay rather than hinders it, a collective effort between developers and gamers will be the best deterrent to cybercrime and ensure users enjoy the experience without putting themselves at risk.