How many people are playing video games online?
With most of the UK population in lockdown or isolation for the majority of 2020, we have seen an increase in people spending time online, whether it be for work, school, or pleasure – we are becoming more and more dependent on technology.
Ofcom found that by the end of 2020, 94% of UK homes had internet access, and we spent an average of 3 hours 37 minutes a day on smartphones, tablets, and computers. Ofcom also discovered that almost 62% of adults, and 92% of 16- to 24-year-olds played online games on an electronic device. Although the online world offers relief for many, with such a high number of the UK population spending time online, online gaming risks must be kept at the forefront of their minds.
Privacy Concerns of Online Gaming
Even if you are extremely careful online, sometimes the risk can be taken out of your own hands. Hackers can often target servers of any company, which makes it important to limit the amount of information you share online with companies that will store your sensitive information.
In another blog, we cover the infamous Sony Pictures hack in 2014, where we go into detail on the effects of the film industry, but before this in 2011, the Sony-owned PlayStation Network was hacked resulting in 77 million accounts being compromised and the loss of financial and private data. This was one of the largest data breaches in history and left the PSN Network down for over three weeks.
As a business, a concern for you could be if employees sign up to websites or subscriptions using their work email addresses, and if they use the same passwords or you don’t have 2FA enabled on your online databases, CRM’s or to log into your network, then not only is your employee’s personal data at risk, but also any sensitive data that you store as a business.
Malware in the game industry
As well as the rise in the amount of time spent online, we also saw a rise in web app attacks in 2020, with a whopping total of 240 million. Since 2018 there has been a 415% increase in web app attacks on the online gaming industry. Steam, which is a popular video game distribution service, where you can download and play games from third-party publishers, is commonly targeted by malware attacks.
A recent malware is ‘BloodyStealer’ which is sold on darknet forums and used to steal information such as log in credentials, cookies, bank details and more. A common way that threat actors will get malware onto a device, is to give away a popular game for free, which has hidden malware installed in the code.
A risk for businesses can be if employees have work equipment at home, they may be tempted to use it for online gaming, which can result in the network being exposed to many more threats. Additionally, if your employees are using personal equipment to access the company network and they fall victim to a malware attack, then your company data is at risk.
A way to protect yourself as an individual from these types of attacks is to try and always use official game distribution platforms. If downloading the game redirects you to an unfamiliar or malicious website, don’t click on any links and remove any downloaded files. If you are a business that has employees working from home, the best protection is user awareness and education, followed closely by strong endpoint protection.
Social Engineering through online video games
The term social engineering has been around since the ‘90s, but what is social engineering? In the world of online gaming, it’s quite normal to interact with strangers particularly if you’re gaming in online lobbies. Living in the digital age, it is much easier to gather information about people due to relaxed security measures on social media profiles, and often usernames with full names in them.
Even if your employees aren’t using their company email address to create online gaming accounts, if there has been a leak that involved email and passwords and your employee uses the same password for personal and work accounts, there could be potential for a threat actor to find out where they work using LinkedIn or Facebook and use this information to get into your network or other systems you may use.
How do you stay safe while online gaming?
In conclusion, simply stating in your company policy that works equipment shouldn’t be used for personal use may not always be enough, unless you are proactively checking up on your employees and enforcing this rule. This also does not take into consideration employees who may access the company network through their personal equipment such as their mobile phone or laptop.
Giving your workforce access to training to be aware of the dangers when online is a great place to start, taking preventative measures internally within your business is also a great idea.
Do you have any questions about online safety?
Get in touch with SEP2 today to find out how to protect your business.