As COVID-19 restrictions prevent people from leaving their homes, millions have turned to video games to escape the four walls of their homes and enter the wider virtual world, in so they can connect with family and friends in an informal way. For many people, playing video games is something to look forward to after a long day “working from home” and a way to deal with boredom, loneliness and mental health issues.
The gambling industry is one of the biggest beneficiaries of the pandemic, which increased by 26 percent between 2019 and 2021. According to a report by PricewaterhouseCoopers (PwC), the expansion of the global gaming industry will reach $321 billion by 2026.
Unfortunately, as the number of gamers and consumers spend more time in public virtual worlds, there has also been an increase in cyber activities and cyber criminals seeking to steal personal information and global dollars.
Global security and digital privacy company Kaspersky released a report (the “Kaspersky findings“) and remember that in the first half of 2022, the activity of cybercriminals harassing servers has increased. Internet security experts have warned that online crime in gambling has increased since the beginning of the epidemic, which is hidden in cheat codes, microtransactions and messages transferred online from other players. Players who try to download new games from unsafe or unreliable sources have been known to download malicious software and lose their accounts and money. In addition, Kaspersky’s findings confirm that in some cases, unwanted installations of the spyware component capable of “monitoring the data entered on the keyboard and taking photos” were detected. According to the Akamai Report published in August 2022, cyber attacks on websites increased by 167 percent from May 2021 to April 2022 compared to the same period of the previous year.
Gaming companies have become increasingly lucrative targets for cybercriminals as the scope of cyberattacks has increased. In addition, the increasing amount of data collected by gaming companies is very beneficial to them. These companies are more vulnerable to data breaches where customers lose data and additionally, their product offerings (ie games and platforms) are taken offline for a short period of time. As a result, customers of gaming companies (even individual players) may lose their game progress, money and sensitive personal data. Internet-related problems are exacerbated as gambling companies become more likely to buy, sell, trade or hold customers’ digital assets, such as game tokens and redeemable coins. digital products in public virtual worlds. According to Kaspersky’s findings, the three games out of 28 in the scope of research with the most malicious and unwanted files are Minecraft, FIFA and Roblox.
Gaming company operators must consider their legal obligations to protect user information and ensure that their product offerings (ie games and platforms) are secure. Canadian privacy legislation governing the commercial collection of personal information requires in general terms that businesses implement safeguards to protect personal information. For example, federal law governing most Canadian provinces requires safeguards to “protect personal information from loss or theft, including unauthorized access, display, copy, use or modify.” Note that this rule is usually replaced by the Consumer Protection Act, the limitations are the same.
Cyber risk management is an important issue for organizations of all sizes, and even the smallest gaming companies are not exempt. Under Canadian law, directors of corporations are responsible for managing and overseeing the conduct of the corporation’s business and affairs. Basically, corporate managers must act honestly and honestly in the best interest of their business. Moreover, they must exercise the care, wisdom and diligence that a prudent person would exercise in similar circumstances. In terms of cyber risk management, corporate managers will be more involved in determining the tolerance of the corporation, and ensuring that the organization takes appropriate actions to identify and manage risks through in the risk management program that is necessary, and finally, to monitor one. the main risks facing the corporation. And while current federal law does not impose personal liability on directors and officers for violations, Quebec’s new Bill 64 imposes stiff fines for people who fail to take appropriate security measures to protect personal information.
For game developers and companies that collect private information, the best antidote to cyber attacks is immediate prevention. Companies that design and operate games and gaming platforms must adhere to the principles of current and future Canadian data protection laws by limiting collection to the data they absolutely need. , and seek informed consent to collect data from players who use their products, and limit the use to them. the data is sent and the length of time it is kept, and ensures that safeguards are in place to protect the personal information of the users.