The Biggest Mistakes Online Gaming CISOs are Making

February 23, 2021

With the online gaming industry expected to surpass $200 billion in revenue by 2023, it is no surprise that hackers have set their sights on an industry that is not only overflowing with money, but is also rife with data.

While online gaming companies have become acutely aware of the threats posed by cyber attacks and have implemented high security budgets, robust fraud detection, strong IT infrastructures and substantial financial tracking systems, their budgets and resources are often not being allocated properly, resulting in significant gaps and glaring vulnerabilities.

Watch our CEO and Founder, Reuven Aronashvili, speak about the 3 biggest mistakes gaming CISOs are making.

After aggregating data on hundreds of online gaming companies, we identified some of the biggest issues facing the industry today:

1 – Over-focusing on the “front gates” while neglecting other critical assets

Most online gaming companies secure their internet perimeters and gaming applications very well, but poorly protect the corresponding infrastructure within the organization. The problem arises when bad actors manage to get through a company’s front gate and attack from the inside. As a result, while online gaming companies may have significant cybersecurity budgets, their overall cyber resilience is quite low because they are not allocating their resources properly. Companies need to implement a multi-layered approach to ensure that hackers are forced to bypass many different security controls before they are able to infiltrate the organization, breach the company and access its most critical business assets.

2 – Prioritizing risks without business context

All companies want to optimize their investments and get the highest value for money. However, calculating cybersecurity risks within an organization is often based on CVSS, the industry standard for assessing the severity of security vulnerabilities, which does not take business context into account. When evaluating the severity of different vulnerabilities, companies need to prioritize the vulnerabilities that pose the highest risks to their critical business assets and that can be mitigated at the lowest cost.

3 – Confusing technology investments with cybersecurity maturity

While technology can be highly efficient when integrated properly into the organization’s processes, procedures and skill level, technology alone does not equal capability. In fact, if not implemented correctly, it can actually be damaging, as it increases the attack surface of the organization. When organizations think about technology, they need to think about capability: integrating the technology with the relevant security needs and being able to activate it in an effective way.

Time to move from big mistakes to big lessons:

Our recommendations on how to achieve an effective gaming security program:

1 – Achieving complete visibility of business assets at risk by leveraging cyber experts and innovative technology to conduct real, non-simulated attacks. Exposing all misconfigurations and vulnerabilities is a crucial step in understanding the cybersecurity posture of an organization.

2 – Evaluating realistic business risk ratings by translating technical risks using threat intelligence and graph modeling. Cyber risks are not only technical issues, but business priorities that have direct implications on a company’s continuity, health and valuation. As a result, companies need to set their sights on quantifying cybersecurity risks and correlating them with the potential business impact.

3 – Optimizing resource allocation for risk mitigation by correlating business impact with the threat severity, exploitability and required resources for mitigation. Companies need to take a risk-based approach, evaluating each vulnerability and calculating the attack routes that leverage that specific vulnerability to gain access to business-critical assets. By doing so, organizations will be able to identify the most cost-efficient way to improve their overall cybersecurity resilience.
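
The attack-route prioritization described in recommendations 2 and 3, as an added example that is not from the original article or its vendor: it ranks vulnerabilities by how much business impact fixing each one removes from an attacker's reach per unit of mitigation cost, and compares that with a plain CVSS ordering. The asset names, vulnerability ids (V1 to V7), scores, impact values and costs are all constructed, and exploitability is simplified to plain graph reachability.

```python
from collections import deque

# Constructed sample data; every name, score and cost below is hypothetical.
ENTRY = "internet"
CRITICAL = {"payments-db": 100, "player-pii": 60}  # asset -> business impact
# (source, target, vuln): exploiting `vuln` lets an attacker on source reach target
EDGES = [
    ("internet", "game-web", "V1"),
    ("internet", "support-portal", "V7"),
    ("internet", "promo-site", "V6"),      # dead end: leads to no critical asset
    ("game-web", "build-server", "V2"),
    ("game-web", "back-office", "V3"),
    ("support-portal", "back-office", "V3"),
    ("build-server", "payments-db", "V4"),
    ("back-office", "payments-db", "V4"),
    ("back-office", "player-pii", "V5"),
]
VULNS = {  # vuln -> (CVSS base score, mitigation cost in person-days)
    "V1": (8.1, 10), "V2": (7.2, 6), "V3": (6.1, 12), "V4": (6.5, 5),
    "V5": (5.4, 4), "V6": (9.8, 2), "V7": (7.5, 8),
}

def exposed_impact(edges, fixed=None):
    """Sum the impact of critical assets reachable from ENTRY when the
    attack steps that depend on the vulnerability `fixed` are removed."""
    adj = {}
    for src, dst, vuln in edges:
        if vuln != fixed:
            adj.setdefault(src, []).append(dst)
    seen, queue = {ENTRY}, deque([ENTRY])
    while queue:
        for nxt in adj.get(queue.popleft(), []):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sum(impact for asset, impact in CRITICAL.items() if asset in seen)

def prioritize(edges=EDGES, vulns=VULNS):
    """Rank by impact removed per person-day; CVSS only breaks ties."""
    baseline = exposed_impact(edges)
    rows = []
    for vid, (cvss, cost) in vulns.items():
        removed = baseline - exposed_impact(edges, fixed=vid)
        rows.append((vid, cvss, removed, removed / cost))
    return sorted(rows, key=lambda r: (-r[3], -r[1]))

def cvss_order(vulns=VULNS):
    return sorted(vulns, key=lambda v: -vulns[v][0])

if __name__ == "__main__":
    print("CVSS order:", cvss_order())
    for vid, cvss, removed, ratio in prioritize():
        print(f"{vid} cvss={cvss} impact_removed={removed} per_day={ratio:.1f}")
```

In this sample the highest-CVSS finding (V6) sits on a dead-end host and removes no business exposure, while fixing either front-gate finding alone (V1 or V7) also removes none because the other entry route remains open.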
