IT workers in video game space need to be aware of security risks, solutions

At around $187 billion in revenue last year, the video game industry is serious business—and with that size and influence, it’s a prime target for attackers.

Chris Anley, a chief scientist with research firm NCC Group, told IT Brew that security issues in games run the gamut from platform-related concerns like social engineering to standard cyberattacks like ransomware. Those threats aren’t ignored, even if they’re not front-and-center for the IT pros and developers working on the games.

But the threat is real, especially in a BYOD environment.

“Games are becoming more complex, the interactions with the player base is richer, so persuading someone to click on a link within a game might cause the execution of arbitrary code on your corporate computer,” Anley said.

Logging on. Adding to that complexity is the online component, said Kevin Janzen, CEO of Globant’s gaming and ed. tech AI studio. Every game, from free-to-play phone games to larger multiplayer games, is connected to the web on one level or another.

“It forces you also to spend money on cybersecurity, because you know you’re going to be subject to attacks and you know ill-intended groups that really want to either have fun at your expense or even make money,” Janzen said.

Cash rules everything around me. Budgeting for that expense has to be part of game development, Janzen continued. He told IT Brew that consumers need to keep that in mind when they’re buying games and make sure that whoever is developing them is prioritizing their safety and security.

“As a consumer, we also need to be informed and be careful, especially because in many cases the users are kids that…perhaps are completely oblivious of the threats that they are being subjected to,” Janzen said.

He added that, as a parent, he believes that there should be a higher standard “in terms of ensuring that the person that joins and interacts within the platform is not a predator.”

Make it real. For back-end developers and industry IT professionals in general, video games suffer from the same cybersecurity problems as the overall tech sector. Supply-chain concerns around third-party software clients and backend services present challenges. Taking payment information and providing what’s essentially a platform for users to exchange rich text and other messages presents a significant attack surface. That means IT developers need to ensure they take time to write code responsibly—no easy task in a highly competitive industry where speed is of the essence.

“You’ve got this balance of speed versus security, there’s a dynamic there in terms of, secure coding takes longer,” Anley said. “Producing a quality game is very difficult, and then there’s the market pressures that nudge you towards getting the game out quickly, which means that you may not have kicked the tires on all of the complex cybersecurity attack surface.”

This leads to a difficult scenario for video game IT workers, who must balance the needs of the company, the security of users, and what’s realistically doable.

“The pressure on gaming companies is they’re not just writing probably the most complex and demanding category of software there is—high-performance video games, parsing complex network stacks and all that stuff,” Anley said. “They’re also having to deal with all of the same challenges as anyone taking payments online and protecting their users, and they have the same problem as social media networks, which is user-supplied content that may be hostile to other users or illegal in various different ways.”