Online Gaming: Mapping Threats to High Level Business Channels

Feb 06, 2017

In a previous blog, we covered the most common threats seen in the gaming industry and described a high-level approach for a security improvement program (SIP).

As a reminder from the previous blog, the high-level approach for improving security for businesses in the gaming industry comprises three main layers to which a SIP can be applied, with the essential notion that security should be prioritised inside out, from the Core to the Outer tier:

The Core (red):

  • SIP for all assets owned by the business 
  • SIP to adapt to regulation requirements: GDPR, PCI, local jurisdiction etc.

The Middle tier (green):

  • SIP for assets accessed by partners and 3rd party vendors 

The Outer tier (blue):

  • SIP for gaming data used by gaming platform consumers

Here is a recap of the most prevalent threats in the gaming industry:

  • DDoS Attacks
  • Targeted Attacks, types:
      ◦ Cyber espionage
      ◦ Crimeware
      ◦ Web Application
      ◦ Privilege misuse
  • Gaming Platform Abuse, types:
      ◦ Consumer Credentials
      ◦ Employee/Partner Credentials
      ◦ Game Integrity & Logic

  • Transactional Loss
  • Physical data theft and Accidental data loss

Now that the most common threats are defined, they can be mapped onto our high-level security improvement approach. Mapping the threats allows the business to see whether certain types of threat share a common tier or channel, and then to explore whether a SIP can be built the right way, from the inside out. The mapping also allows the business to break the threat landscape down into consumable elements and understand where its priorities lie; being an external tier does not make a tier less of a priority. For example, a business that would like to focus on the ‘Platform Credential Abuse’ threat on the consumer side could embark on a SIP for that tier. However, the business will now know that the approach it chooses will also have to accommodate a SIP in the ‘Core’ tier for internal business resources. This consideration helps the business avoid potential roadblocks down the road and search for a solution that is optimised for all impacted tiers.

High Level Mapping Process

The mapping process is individual to each business, as most businesses are unique; the next image shows an example mapping done for an online gaming operator. The mapping shows that some threat types have tiers in common, specifically ‘Gaming Platform Abuse’ and ‘Targeted Attacks’. Keeping this in mind, the gaming operator can choose to embark on a SIP to protect the Core layer against ‘Targeted Attacks’ while ensuring that the SIP caters for the other tiers where possible and does not block them. After choosing the threats and focus tiers, we can start tailoring a SIP plan for the relevant tier in the business.


Focusing on Security Improvement per Tier 

Focusing and prioritising the actions that need to be taken inside each tier to improve security is an ad hoc process whose outcome differs from business to business. The first step is to understand whether the business would like to prioritise its regulatory requirements, embark on a SIP without considering regulation, or both. If it is one or the other at that point in time, the recommendation is to consider other SIPs with common threat denominators, whether or not they have already started.

In the next blog we’ll describe a holistic security improvement approach that can allow gaming businesses to prioritise security controls at the most fundamental levels of the ‘Core’ and the ‘Partner’ tier.

Performanta will be at ICE Totally Gaming at the Viadex stand.



