Light Dark
April 12, 2022 By Josh Nadeau 4 min read
Risk Management
Security Services
Threat Hunting

When you play a video game, you probably want to win, or at least show off real skill. Cheaters make it a lot less fun, according to a recent Irdeto Global Gaming Survey.

It says 60% of all online video game players across the globe have had their gaming time negatively impacted by cheaters. These digital cheaters use various methods at their disposal, including viruses, exploits and hardware and software modifications. Some can even bypass anti-cheat systems, giving them an edge over other players.

On the surface, this may seem like an issue limited to gaming developers and their consumers. However, the increase of cyber cheaters raises more awareness about similar vulnerabilities. Some of these are already present in many modern IT infrastructures. Do you work with security systems operating in a hybrid work environment spread across multiple personal devices and off-site hardware? You might face similar issues that game developers see when it comes to a lack of visibility and control.

What can IT experts working on security across multiple organizations learn from gaming?

Online gaming to win

Online multiplayer games are becoming more and more popular. In the face of this, game developers have struggled to keep up with the demand for new content. At the same time, they need to ensure that their games are fair and balanced for all players. Cheating has always been a problem in the world of gaming. As tech advances, so too do the methods used by cheaters.

A common way online gaming cheaters gain an advantage is by using software exploits. These are vulnerabilities within the code of a game that malicious players can exploit to gain an unfair advantage. Some may be simple bugs that allow players to move faster than intended. More sophisticated techniques let players see through walls or control other players’ characters.

While cheaters create some exploits on purpose to give themselves an edge, others are discovered by accident. In either case, game developers must act quickly to fix the exploit and release a patch to update the game code. However, as many gamers are aware, not all game developers release patches in a timely manner, or even at all. This can leave players open to exploitation for weeks or even months.

Online gaming at work

Online gamers can ‘beat the system’ by modifying gaming code stored on their local machines. Of course, this is out of the control of development teams. It’s not unlike how malicious actors can exploit vulnerabilities in a modern IT infrastructure.

Lack of visibility and direct control are the key. Developers can’t always control how gamers access and change gaming code. That’s the same struggle that many modern IT system admins face.

In addition, businesses are moving away from on-premises IT infrastructure models and towards hybrid workforces. They are opening themselves to new attack vectors more and more. In these hybrid environments, people use off-site hardware and personal devices to access company data and apps. This creates a complex network of access points that are difficult to monitor and secure.

Modern IT systems are also becoming less centralized, with data and apps spread across multiple on-premises and cloud-based servers. This creates gaps in visibility and control that attackers can exploit. Just as game developers must create a level playing field for all players, IT admins must work to secure data and apps across a decentralized network. That’s true regardless of where the data are located. But driving this type of initiative requires a shift in thinking. We have to accept that many security models are outdated.

Securing data with less physical control

The concept of zero trust security has been gaining traction in recent years to secure digital environments with less physical control. Zero trust is based on the principle that all users should be treated as untrusted entities regardless of their location or device. This means that instead of relying on perimeter-based models, you should focus on securing data and apps at the user level.

User identity and access management (IAM) is a critical component of zero trust security. It allows administrators to control at a granular level which users have access to which data and applications. In addition, IAM platforms let businesses quickly onboard and off-board employees, enforce multi-factor authentication and track user behavior.

Another effective way to secure digital environments is through micro-segmentation. This involves creating small, isolated security zones within a network. Segmenting the network in this way makes it much more difficult for attackers to move side to side and access sensitive data.

What else can you do outside of using zero trust security models and IAM platforms? There are several options:

  • Patching systems and apps often
  • Take care when monitoring systems and networks for intrusion
  • Training employees in cybersecurity best practices
  • Conducting regular risk assessments
  • Using comprehensive incident response plans.

By taking these proactive measures, businesses can make it more difficult for attackers to exploit vulnerabilities in their IT infrastructure and better protect themselves against the ever-evolving threat landscape.

Moving forward

The trend of online gaming cheaters teaches us a great deal about the current state of cybersecurity. There is now a renewed sense of awareness when it comes to the dangers that decentralized networks can pose. In order for organizations to protect themselves, it’s essential that they adopt a more disciplined and proactive approach. By turning attention to the benefits of zero trust models, it’s possible to build an IT infrastructure that is much more resilient to modern-day attacks and reduces attack surfaces.

 |  |  |  | 
Josh Nadeau
Cybersecurity Writer

More from Risk Management
February 14, 2025

4 ways to bring cybersecurity into your community

4 min read - It’s easy to focus on technology when talking about cybersecurity. However, the best prevention measures rely on the education of those who use technology. Organizations training their employees is the first step. But the industry needs to expand the concept of a culture of cybersecurity and take it from where it currently stands as an organizational responsibility to a global perspective.When every person who uses technology — for work, personal use and school — views cybersecurity as their responsibility, it…

February 12, 2025

When you shouldn’t patch: Managing your risk factors

4 min read - Look at any article with advice about best practices for cybersecurity, and about third or fourth on that list, you’ll find something about applying patches and updates quickly and regularly. Patching for known vulnerabilities is about as standard as it gets for good cybersecurity hygiene, right up there with using multi-factor authentication and thinking before you click on links in emails from unknown senders.So imagine my surprise when attending Qualys QSC24 in San Diego to hear a number of conference…

February 3, 2025

CISOs drive the intersection between cyber maturity and business continuity

4 min read - The modern corporate landscape is marked by rapid digital change, heightened cybersecurity threats and an evolving regulatory environment. At the nexus of these pressures sits the chief information security officer (CISO), a role that has gained newfound influence and responsibility.The recent Deloitte Global Future of Cyber Survey underscores this shift, revealing that “being more cyber mature does not make organizations immune to threats; it makes them more resilient when they occur, enabling critical business continuity.” High-cyber-maturity organizations increasingly integrate cybersecurity…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature