How MFA and DLP can stop data breachesMichael Urgero 19/02/2021 Industry News
Security Fridays Week 26 – An example from the gaming industry.
So here we are once again, another major corporation who has been breached and is apparently leaking stolen data to the internet for profit. Wait a minute, this a video game company? Well, the online gaming community has been one of those industries that suddenly sneak up on you, without warning and is suddenly massive and making billions of dollars – seemingly out of no where. When did this happen, how did we miss this?
Well, to be honest – those that are in the know, didn’t. As for the rest of us, we were too busy playing the games to realize just how massive they’ve become. It’s no joke. Activision’s Call of Duty Warzone made over 2 Billion Dollars in 2020 – and that game is a ‘Free to Play’ download. That revenue is all from In-Game purchases for things like outfits, characters and things.
Also consider this; Electronic Arts has sold more than 100 Million copies of Grand Theft Auto. You know who else sold 100 million copies in their lifetime? Michael Jackson. That surely puts it in perspective.
There are even talent agencies, like United Talent in Beverly Hills California that are agents for high-powered game designers, programmers and even some popular online players. These people are signed to multi-million-dollar contracts similar to athletes. So, for my parents that told me to stop – yes, you can make quite a good living in the video game business.
While the rest of us were busy securing medical and finance data over the last 10 or 15 years – there has been an entire industry that’s popped up around these companies, people and titles and we need to approach this just like we would any other business.
Breaches like this one shown here damage the reputation of a game developer and subsequently impact sales revenue. Regulations are extraordinary thin, with a few exceptions related to credit card processing, but generally not with data from game play. One must make sure that authentication processes, database encryption and multi-factor authentication are incorporated – and for the most cases, they are. What’s generally not is internal engineering multi-factor and Data Loss Prevention.
Troves of internal data doesn’t get up and walk out by itself, it has help – usually by a disgruntled employee that’s looking for revenge or to make quick cash. In this case, it was cash.
Just because a company is good at making games does not necessarily translate to being good at data protection, which is why companies like this need to strongly consider an implementation of multi-factor authentication and Data Loss Prevention solutions to protect their heavy investments.
Large game development studios like these should strongly consider these internal security solutions to prevent data breaches like this, retain reputation, revenue and customers.
Read the original article that was analysed here: : https://threatpost.com/game-publishers-hit-by-leaked-credentials/162725/