It’s in the game (but it shouldn’t be)
In June, Vice reported that hackers broke into Electronic Arts (EA) systems, one of the largest video game companies in the world, and stole the source code used in corporate games. This should serve as a wake-up call for game companies to reexamine the resilience of their cybersecurity programs.
The hackers bought the cookie files from an EA developer for a few dollars on the Dark Web. They used the cookie files to access the individual’s EA Slack account, which allowed them to contact IT and pose as employees claiming to have lost their phone and needed a security token to access the company’s internal server.
Although the identity of the perpetrators remains unknown, they have reportedly downloaded 780 GB of data, including the source code for games such as FIFA 21 and the proprietary game engine Frostbite.
Given the number of legal issues EA is facing – including on gaming in video games – any data from the company could potentially have serious legal and reputational implications. In fact, governments are calling for sanctions against gambling in video games, especially those aimed at young audiences.
This is just the latest in a series of high profile hacks on game companies. Like Yahoo News reports:
- In November 2020, a ransomware attack on Capcom may have revealed up to 350,000 personal user information.
- In February 2021, ransomware attackers stole the source code of several games from Red Project CD and auctioned it off online.
Given the potentially devastating implications of these types of attacks, game companies need to do more to protect themselves from hackers. Here are five ways to do it.
1. Educate your people
Companies should provide professional training to cultivate cybersecurity awareness and improve the skills of their workforce. In EA’s case, there should have been a thorough security check to validate the identity of people looking for security tokens.
2. Apply policies and procedures
When clear cybersecurity policies and procedures are in place and properly enforced, an attacker has a much harder time abusing the human factor. These also make suspicious events more visible.
3. Correctly allocate cybersecurity resources
While many online gaming companies have extensive security measures for internet perimeters and gaming applications, they are insufficiently protected when it comes to their infrastructure. Companies need to develop a better understanding of where to invest their resources based on data and mathematical models. By understanding and calculating the risk of each attack scenario, measuring business risks by correlating asset values, and assessing the severity of vulnerabilities and threat actor activity, organizations can better assess the level of security. organization, allowing them to invest resources smarter and more efficiently.
4. Use a tiered approach
“Defense in depth” is a proven methodology to mitigate and prevent such incidents. This concept is based on building a multi-layered approach to cyber defense, ensuring that hackers are forced to bypass many different security controls before they can infiltrate the organization, breach the network, and gain access to its most valuable business assets. reviews.
5. Use Zero Trust
Nowadays, it’s dangerous to assume that the front door is the only way to access an organization’s network. A compromised employee, one-time physical access to an endpoint, or even proximity to an accessible Wi-Fi network are all valid entry points for hackers that could have far-reaching impact with short-term and long-term implications. long term. In short, never trust, always verify.
Every organization must build cybersecurity programs to meet its specific needs. Therefore, companies need to understand their own threat landscapes and assess their cybersecurity postures in a holistic way that takes into account all organizational assets. They need to take proactive steps to protect themselves, ensuring that attackers lose the game when it comes to gaining access to their data, employees and business gems.
Tal Memran has played a pivotal role in the cybersecurity industry, working as a cybersecurity expert at CYE. Prior to joining CYE, Tal worked as a chef in Canada and Israel. Despite his passage in the culinary world, since his childhood, computers have always … See the full bio