When you play a video game, you probably want to win, or at least show off real skill. Cheaters make it a lot less fun, according to a recent Irdeto Global Gaming Survey.

It says 60% of all online video game players across the globe have had their gaming time negatively impacted by cheaters. These digital cheaters use various methods at their disposal, including viruses, exploits and hardware and software modifications. Some can even bypass anti-cheat systems, giving them an edge over other players.

On the surface, this may seem like an issue limited to gaming developers and their consumers. However, the increase of cyber cheaters raises more awareness about similar vulnerabilities. Some of these are already present in many modern IT infrastructures. Do you work with security systems operating in a hybrid work environment spread across multiple personal devices and off-site hardware? You might face similar issues that game developers see when it comes to a lack of visibility and control.

What can IT experts working on security across multiple organizations learn from gaming?

Online gaming to win

Online multiplayer games are becoming more and more popular. In the face of this, game developers have struggled to keep up with the demand for new content. At the same time, they need to ensure that their games are fair and balanced for all players. Cheating has always been a problem in the world of gaming. As tech advances, so too do the methods used by cheaters.

A common way online gaming cheaters gain an advantage is by using software exploits. These are vulnerabilities within the code of a game that malicious players can exploit to gain an unfair advantage. Some may be simple bugs that allow players to move faster than intended. More sophisticated techniques let players see through walls or control other players’ characters.

While cheaters create some exploits on purpose to give themselves an edge, others are discovered by accident. In either case, game developers must act quickly to fix the exploit and release a patch to update the game code. However, as many gamers are aware, not all game developers release patches in a timely manner, or even at all. This can leave players open to exploitation for weeks or even months.

Online gaming at work

Online gamers can ‘beat the system’ by modifying gaming code stored on their local machines. Of course, this is out of the control of development teams. It’s not unlike how malicious actors can exploit vulnerabilities in a modern IT infrastructure.

Lack of visibility and direct control are the key. Developers can’t always control how gamers access and change gaming code. That’s the same struggle that many modern IT system admins face.

In addition, businesses are moving away from on-premises IT infrastructure models and towards hybrid workforces. They are opening themselves to new attack vectors more and more. In these hybrid environments, people use off-site hardware and personal devices to access company data and apps. This creates a complex network of access points that are difficult to monitor and secure.

Modern IT systems are also becoming less centralized, with data and apps spread across multiple on-premises and cloud-based servers. This creates gaps in visibility and control that attackers can exploit. Just as game developers must create a level playing field for all players, IT admins must work to secure data and apps across a decentralized network. That’s true regardless of where the data are located. But driving this type of initiative requires a shift in thinking. We have to accept that many security models are outdated.

Securing data with less physical control

The concept of zero trust security has been gaining traction in recent years to secure digital environments with less physical control. Zero trust is based on the principle that all users should be treated as untrusted entities regardless of their location or device. This means that instead of relying on perimeter-based models, you should focus on securing data and apps at the user level.

User identity and access management (IAM) is a critical component of zero trust security. It allows administrators to control at a granular level which users have access to which data and applications. In addition, IAM platforms let businesses quickly onboard and off-board employees, enforce multi-factor authentication and track user behavior.

Another effective way to secure digital environments is through micro-segmentation. This involves creating small, isolated security zones within a network. Segmenting the network in this way makes it much more difficult for attackers to move side to side and access sensitive data.

What else can you do outside of using zero trust security models and IAM platforms? There are several options:

  • Patching systems and apps often
  • Take care when monitoring systems and networks for intrusion
  • Training employees in cybersecurity best practices
  • Conducting regular risk assessments
  • Using comprehensive incident response plans.

By taking these proactive measures, businesses can make it more difficult for attackers to exploit vulnerabilities in their IT infrastructure and better protect themselves against the ever-evolving threat landscape.

Moving forward

The trend of online gaming cheaters teaches us a great deal about the current state of cybersecurity. There is now a renewed sense of awareness when it comes to the dangers that decentralized networks can pose. In order for organizations to protect themselves, it’s essential that they adopt a more disciplined and proactive approach. By turning attention to the benefits of zero trust models, it’s possible to build an IT infrastructure that is much more resilient to modern-day attacks and reduces attack surfaces.

More from Risk Management

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today