The number of gaming companies forced to adopt security solutions to protect their networks will likely soar over the next three years as firms confront a growing number of internet attacks, with Asia likely to be at the forefront of the problem.
The attacks range from the relatively unsophisticated, but damaging, distributed disruption of service attack (DDOS), through to the more insidious web application firewall assaults, which are able to mine client data and cripple systems. The problem is particularly acute in the online gambling sphere.
According to Limelight Networks regional director for SE Asia, Jaheer Abbas, DDOS attacks have been growing at a rate of about 200 percent annually, with around 30 to 40 percent occurring in Asia. He says the number of attacks is accelerating at the fastest pace in the region.
“It’s very, very common. The highest penetration in terms of bringing down sites is in the gambling industry,” Abbas said.
Nasdaq-listed Limelight Networks provides high-speed content and video delivery services via their global private CDN network, as well as providing network protection.
“If you had asked me three or four years ago, I would have said the streaming part of it is where we are seeing a lot of traction as everyone is asking for the best performance with very minimal latency,” he said. “Among online gaming companies, three to four years ago security was an afterthought, now we start with security.”
He estimates that, at present, among online gaming companies there is probably a 10 to 15 percent adoption rate of network protection solutions, with that rate likely to jump to 70 to 80 percent within the next three years.
Cyber security has become one of the top global concerns for corporate executives. Earlier this month, a major DDOS attack knocked out bookmaker William Hill’s systems on a day featuring major UEFA Champions League fixtures, while Canada’s Casino Rama Resort was the victim of a security breach resulting in client data being compromised. To add insult to injury some clients are seeking to file a class action lawsuit against the casino, claiming $50 million in damages.
In Asia, hackers stole $81 million through Bangladesh’s central bank, which was then laundered through casinos in the Philippines.
Statistics indicate that global gaming sites are increasingly being targeted for scam, fraud and cyber hacks. Asia’s top IT experts acknowledge they have to provide equal focus on delivering high quality digital solutions as well as the necessary strategy to secure their systems. However companies across all sectors including gaming are struggling to keep up despite their efforts to minimise cyber-attacks as it continues to grow in scale, frequency and complexity.
A DDOS attack involves flooding a website with excessive traffic to crash the system or compromise its performance. The attacks are being fueled by the easy availability of DDoS-for-hire sites that identify and exploit exposed internet services, which Abbas says may charge as little as $10 for an hour.
Sports betting operators can be particularly vulnerable as their business model already experiences surges in volume around major sporting events.
Abbas says the culprits behind the attacks are usually competitors seeking to damage a rival’s reputation, although some may claim ransom payments. He said the actual number of attacks may be far higher than officially known, as many companies fail to report incidents.
“They want to just reduce your credibility. If I have a client I want them to regularly play with me and spend money on the site. If 5 out of 10 times the site is not available or is slow I’m not interested in playing any more,” he said, adding this is particularly important given the high costs of client acquisition in the industry.
Network security companies are able to identify the fingerprints of the hackers, separating them from genuine users, and mitigate the attack by channelling the excess traffic through their own systems.
Web application firewalls are used to protect web applications against common attacks such as cross-site scripting and SQL injection. They monitor the content of each encrypted and unencrypted inbound web traffic to detect advanced attack types. According to WiseGuyReports, the market for providing WAF protection is forecast to grow at a compound average growth rate of 17.34 percent through to 2019.
“WAF attacks get into the application itself,” Abbas said. “They inject a code into your application. Once the code is injected and you click, I may play a video but I also get your credentials, from which I then begin collecting your data.”