When you play a video game, you probably want to win, or at least show off real skill. Cheaters make it a lot less fun, according to a recent Irdeto Global Gaming Survey.

It says 60% of all online video game players across the globe have had their gaming time negatively impacted by cheaters. These digital cheaters use various methods at their disposal, including viruses, exploits and hardware and software modifications. Some can even bypass anti-cheat systems, giving them an edge over other players.

On the surface, this may seem like an issue limited to gaming developers and their consumers. However, the increase of cyber cheaters raises more awareness about similar vulnerabilities. Some of these are already present in many modern IT infrastructures. Do you work with security systems operating in a hybrid work environment spread across multiple personal devices and off-site hardware? You might face similar issues that game developers see when it comes to a lack of visibility and control.

What can IT experts working on security across multiple organizations learn from gaming?

Online gaming to win

Online multiplayer games are becoming more and more popular. In the face of this, game developers have struggled to keep up with the demand for new content. At the same time, they need to ensure that their games are fair and balanced for all players. Cheating has always been a problem in the world of gaming. As tech advances, so too do the methods used by cheaters.

A common way online gaming cheaters gain an advantage is by using software exploits. These are vulnerabilities within the code of a game that malicious players can exploit to gain an unfair advantage. Some may be simple bugs that allow players to move faster than intended. More sophisticated techniques let players see through walls or control other players’ characters.

While cheaters create some exploits on purpose to give themselves an edge, others are discovered by accident. In either case, game developers must act quickly to fix the exploit and release a patch to update the game code. However, as many gamers are aware, not all game developers release patches in a timely manner, or even at all. This can leave players open to exploitation for weeks or even months.

Online gaming at work

Online gamers can ‘beat the system’ by modifying gaming code stored on their local machines. Of course, this is out of the control of development teams. It’s not unlike how malicious actors can exploit vulnerabilities in a modern IT infrastructure.

Lack of visibility and direct control are the key. Developers can’t always control how gamers access and change gaming code. That’s the same struggle that many modern IT system admins face.

In addition, businesses are moving away from on-premises IT infrastructure models and towards hybrid workforces. They are opening themselves to new attack vectors more and more. In these hybrid environments, people use off-site hardware and personal devices to access company data and apps. This creates a complex network of access points that are difficult to monitor and secure.

Modern IT systems are also becoming less centralized, with data and apps spread across multiple on-premises and cloud-based servers. This creates gaps in visibility and control that attackers can exploit. Just as game developers must create a level playing field for all players, IT admins must work to secure data and apps across a decentralized network. That’s true regardless of where the data are located. But driving this type of initiative requires a shift in thinking. We have to accept that many security models are outdated.

Securing data with less physical control

The concept of zero trust security has been gaining traction in recent years to secure digital environments with less physical control. Zero trust is based on the principle that all users should be treated as untrusted entities regardless of their location or device. This means that instead of relying on perimeter-based models, you should focus on securing data and apps at the user level.

User identity and access management (IAM) is a critical component of zero trust security. It allows administrators to control at a granular level which users have access to which data and applications. In addition, IAM platforms let businesses quickly onboard and off-board employees, enforce multi-factor authentication and track user behavior.

Another effective way to secure digital environments is through micro-segmentation. This involves creating small, isolated security zones within a network. Segmenting the network in this way makes it much more difficult for attackers to move side to side and access sensitive data.

What else can you do outside of using zero trust security models and IAM platforms? There are several options:

  • Patching systems and apps often
  • Take care when monitoring systems and networks for intrusion
  • Training employees in cybersecurity best practices
  • Conducting regular risk assessments
  • Using comprehensive incident response plans.

By taking these proactive measures, businesses can make it more difficult for attackers to exploit vulnerabilities in their IT infrastructure and better protect themselves against the ever-evolving threat landscape.

Moving forward

The trend of online gaming cheaters teaches us a great deal about the current state of cybersecurity. There is now a renewed sense of awareness when it comes to the dangers that decentralized networks can pose. In order for organizations to protect themselves, it’s essential that they adopt a more disciplined and proactive approach. By turning attention to the benefits of zero trust models, it’s possible to build an IT infrastructure that is much more resilient to modern-day attacks and reduces attack surfaces.

More from Risk Management

Working in the security clearance world: How security clearances impact jobs

2 min read - We recently published an article about the importance of security clearances for roles across various sectors, particularly those associated with national security and defense.But obtaining a clearance is only part of the journey. Maintaining and potentially expanding your clearance over time requires continued diligence and adherence to stringent guidelines.This brief explainer discusses the duration of security clearances, the recurring processes involved in maintaining them and possibilities for expansion, as well as the economic benefits of these credentialed positions.Duration of security…

Remote access risks on the rise with CVE-2024-1708 and CVE-2024-1709

4 min read - On February 19, ConnectWise reported two vulnerabilities in its ScreenConnect product, CVE-2024-1708 and 1709. The first is an authentication bypass vulnerability, and the second is a path traversal vulnerability. Both made it possible for attackers to bypass authentication processes and execute remote code.While ConnectWise initially reported that the vulnerabilities had proof-of-concept but hadn’t been spotted in the wild, reports from customers quickly made it clear that hackers were actively exploring both flaws. As a result, the company created patches for…

Researchers develop malicious AI ‘worm’ targeting generative AI systems

2 min read - Researchers have created a new, never-seen-before kind of malware they call the "Morris II" worm, which uses popular AI services to spread itself, infect new systems and steal data. The name references the original Morris computer worm that wreaked havoc on the internet in 1988.The worm demonstrates the potential dangers of AI security threats and creates a new urgency around securing AI models.New worm utilizes adversarial self-replicating promptThe researchers from Cornell Tech, the Israel Institute of Technology and Intuit, used what’s…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today