Our website uses cookies. To find out more information on the cookies we use, please head to our privacy policy.OK

Securing Online Gaming

Securing Online Gaming

Wow  what a conference! One doesn’t find that many conferences where the keynote speaker outlines the details of subtly malformed but still legal HTTP post headers.

The whole day continued in the same vein, and we learnt that Online Gaming experiences more cyber-threat than any other industry. They have whole departments to deal with different types of threat and that they are writing and reviewing their own custom firewall signatures. These teams are driving the development of next-generation firewalls!

We were told that Online Gaming is a £21 Billion market (a bit of googling reveals much higher figures, especially for Asia at $79 Billion), William Hill alone has a turn over of £946 Million. The UK Gambling Commission states the GGY (Gross Gambling Yield) for 2014 was £6.3 Billion, GGY is the value of the wagers retained by gambling operators. Any way you look at this, these are huge figures, attackers can get rich by syphoning off even small percentages.

The delegates certainly got the impression that there was a lot more left unsaid, one presenter announced that their legal department had cut every slide and asked for a title change. We found that procedurally the Online Gaming industry follows very similar development cycles to Osirium. We use a two-week Sprint cycle as do they, and that they rate all code as being risky and rate the risk based on the external interfaces that a code module uses. We heard ‘peer review’ several times throughout the day.

Continuous Integration, where software is under test throughout the development lifecycle was seen as key to producing secure software. We were rather pleased to see several screenshots of Jenkins systems since we’re also heavy users of Jenkins test automation.

Since we are bound by Chatham House Rules I’ll not go into the actual attack vectors, suffice to say that the attackers seek to take over personal accounts and extract personal details.

One would surmise that the Online Gaming Industry is at the top of their game security-wise, we were kept busy on the Osirium stand demonstrating Privileged Account Management and Privileged Task Automation all day!

Related Articles

term->name is Events

Osirium @ the National Information Security Conference (NISC)

NISC is the UK’s largest independent cyber security conference, run by our partner Sapphire. It is designed to encourage peer-to-peer… Read Post

Osirium @ CyberWhite Inaugural Security Forum

We’re attending CyberWhite’s Inaugural Security Forum on Wednesday 26th September, where we’ll be speaking about the journey to Privileged… Read Post

Osirium to speak @ e-Crime & Cybersecurity Mid-year Summit

Join us at the 10th e-Crime & Cybersecurity Mid-Year Summit on Thursday 18th October 2018, where our CTO Andy Harris will be delivering a… Read Post