In-Depth

Why Indian Online Gaming Platforms Must Invest In Always-on Cybersecurity

Why Indian Online Gaming Platforms Must Invest In Always-on Cybersecurity
SUMMARY

Propelled by factors such as internet penetration, pandemic-induced lockdowns, and more, India’s online gaming enterprises have seen major growth recently

India bagged the top spot in mobile game downloads by September 2020, accounting for nearly 17% of worldwide downloads with 7.3 Bn installed games

This has also led to the growth in cyberattacks — Akamai observations revealed that the global gaming industry suffered more than 10 Bn credential stuffing attacks and 152 Mn web application attacks between July 2018 and June 2020

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

India’s gaming industry has seen many waves of development over the years. First came the handhelds, the occasional PC consoles, the Xboxes, and the PlayStations. But this was India in the early 1990s, which lacked access to widespread and high-speed internet, home computers, and smartphones. The prohibitive price of global gaming console brands further hindered the gaming industry’s growth in the initial years. But the rise in mobile internet penetration and the rapid growth of online gaming in the next two decades gave the industry a significant boost across the country. And this now includes its many sub-segments, such as real-money games, fantasy games, live streaming and more.

Driven by the surge of digital use, the market stood at more than $600 Mn in FY18, according to a KPMG report. The report further revealed that between 2010 and 2018 the number of gamers in the industry grew 10x, further pushing the growth of the platforms in the sector.

However, the onset of the Covid-19 pandemic in 2020 and the subsequent lockdowns proved to be a game changer. As people stayed indoors, they started exploring this easy-to-access virtual source of entertainment, and gaming influencers became as popular as those in the fashion, beauty, or fitness spaces. By September 2020, India bagged the top spot in mobile game downloads, accounting for nearly 17% of worldwide downloads with 7.3 Bn installed games. According to industry estimates, India is currently home to more than 300 Mn gamers.

Shashwat Jain, cofounder of the online poker platform, PokerDangal, earlier told Inc42 that the startup’s user base grew by approximately 40% in the second half of 2020. “We have seen a steady rise in key metrics such as time spent (engagement) and Month 2/Month 6 retention numbers for new acquisitions during this period. Also, we have seen a relapse of previously dropped users on the platform.”

Inc42 Plus took a deep dive into the gaming industry last year to find that startups in this sector had witnessed exponential growth. Ahmedabad-based Gamerji clocked a 2.5x rise in esports traffic. Mumbai-based Pocket Aces, a digital entertainment company focussed on mobile videos, also witnessed 50x growth in streamer signups on its game-streaming platform Loco after it introduced the esports category.

Gaming Industry: Funding & Revenues

A BARC–Nielsen report last year said that the time spent on gaming platforms by Indians rose from 151 minutes before the pandemic to 218 minutes per week during the lockdown. Overall consumer spending on games also grew during this period. According to industry estimates, India spent approximately $1.2 Bn on mobile games in CY2020 (January–December).

The ongoing pandemic has emphasised the need for social connections on shared interests such as gaming and, as a result, these platforms have acquired a lot of users. The strategy and focus of these companies now should be to expand their base in Tier 2 & 3 cities while also retaining users by rolling out new forms of content and engaging features. 

Reflecting on the growth so far, Saurabh Aggarwal, CEO & president of Octro Inc, which includes games such as Teen Patti, PlayRummy, and more, said he believes that the Indian market will see a further rise of the gaming metaverse, a growth of cloud gaming, and an increase in in-browser gaming. To further promote this growth, he added, “The industry should come together as a team to work with the government to create a policy framework for real money and other games so that constituents of the value chain and the entire sector witness humongous growth.”

With the rise in demand for gaming platforms in India, the sector has also witnessed growing investor interest. An Inc42 Plus analysis showed that total venture capital funding in Indian gaming startups stood at $448 Mn between 2014 and H1 2020 alone.

Additionally, a KPMG report revealed that the industry’s revenue more than doubled from INR 6.2K Cr in FY19–20 to INR 13.6K Cr in FY20–21 with casual gaming accounting for more than 44% of the industry in FY21.

Hiccups In The Growth Journey Of The Gaming Industry

“In the last decade, game development has shifted tremendously,” said Jonathan Singer, senior video games industry strategist at Akamai. “Traditionally, games were developed and released as stand-alone experiences. Today, most games rely on a highly connected architecture in order to support hundreds of thousands, if not millions of simultaneous players.”

“To architect a winning game in a mobile-first, always-on world, developers must make certain that their game’s infrastructure is scalable, and has the ability to handle high peak traffic as well as protect against the many security threats that can disrupt a gaming ecosystem, putting player identities, accounts and money at risk.” – Jonathan Singer, Akamai

Although the industry has grown exponentially, companies in this space have faced several challenges. The top issues include capacity-building to cater to the sudden surge of demand and the ability to retain existing users. 

One of the key challenges is cybersecurity. In its State of the Internet/Security Report | Gaming in a Pandemic, cybersecurity and edge technology company Akamai highlighted some of the attacks and threats that the industry is vulnerable to, including credential stuffing, web application attacks, distributed denial-of-service (DDoS) attacks, and more.

Many gaming platforms, publishers, and esports companies in India were not prepared for the sudden surge of users, and neither was their technology geared to handle the surge, which in turn led to errors, app crashes, downtime, and more. The platforms overcame this challenge quickly, and the focus then shifted to keeping users engaged in order to retain them. 

Another significant challenge was that gaming platforms now had to tailor their strategies to serve a wider range of users — from casual gamers to to mid-tier enthusiasts to hardcore players, each with their own set of aspirations and expectations.

Despite the many avenues and potential user bases that have opened up for Indian platforms to tap into, the challenge is to match the level that most Indian gamers are accustomed to thanks to their exposure to various regional and global players, especially via the likes of PUBG, Clash of Kings, League of Legends, and others.

Also, only a small percentage of Indian gamers can afford the steep price of hardware support (such as desktop processors, gaming processors, high-end audio-visual support) that would enable them to play seamlessly at the highest performance output settings. Therefore, the industry continues to miss out on higher participation potential and bigger revenues.

Akash Singh, product manager at WinZO explained, “While the infrastructure for digital connectivity is improving rapidly in India, it is not at the same levels as the western countries. Most of the users in India currently use low budget smartphones with limited processing capacity and the Internet speed also exhibits a high degree of variance.”

However, the challenge is not limited to the engagement of the real-money gaming players in India. Octro’s Aggarwal explained, “There is a latent need for harmonisation of state and central laws along with policy measures to create a predictable regime that allows a level playing field for all players in the ecosystem. This will act as an impetus for PEs (private equity giants) and VCs (venture capitalists) to back gaming companies across fantasy sports, eSports, and other real money games.”

But unfortunately, that is not where this ends, various players from the industry told Inc42 that currently, there is also a lack of policy framework at the service provider level for the ‘unregulated’ and foreign websites/gambling platforms.

This framework forms the fundamental requirements for competitive real-time gaming and its lack can deter the gaming sector from realising its vast potential in the Indian market. 

While these challenges directly impact scaling up in the gaming sector, there is a bigger hurdle that often goes unnoticed — the threat of cyberattacks. As the entire country moves toward digitisation, it is now essential for gaming platforms to adequately analyse potential risks and invest in cybersecurity accordingly.

“The video games industry is one of the most attacked industry verticals. Between 2020 and 2021, web app attacks targeting the gaming industry rose by 340%. Credential stuffing attacks, which are attacks meant to hack into player accounts, rose by 224%,” said Jonathan Singer, Akamai.

He further explained, “This is due to a combination of factors including the rapid growth of gaming around the globe; the willingness of its player base to spend on frequent, small transactions; and the differentiated forms of value stored in player accounts — from the time invested, to in-game collectables, to actual money and personally identifiable information (PII).”  

Is the Indian Gaming Sector Ready To Deal With Cyberattacks?

Today, most gaming platforms, especially those from real-money and fantasy gaming segments, focus more on APK downloads (created for Android phones) and real-time engagement. Both these factors are essential for seamless player experience, and are vital to the growth of real-money and fantasy gaming companies. However, today’s digital-first approach makes businesses vulnerable to massive cyberattacks; and hence, cybersecurity is one of the most crucial areas that need to be addressed.

The online gaming industry is no exception. Cybercriminals across the globe have wasted no time in targeting the PII (phone number, address, credit card details, and more) that gaming platforms store on their servers. 

Gaming companies must be prepared to ward off cyberattacks that target their infrastructure and the information they store. This is imperative for protecting their platform, defending their brand reputation, safeguarding the stored PII against breaches, and, most of all, maintaining customers’ trust and retaining customer loyalty.

In its State of the Internet/Security Report | Gaming in a Pandemic, Akamai revealed that in CY2020, the gaming industry suffered more than 10 Bn credential stuffing and 246 Mn web application attacks.

Incidentally, the most common methods of attack in the gaming industry include credential stuffing, phishing, account takeovers, DDoS, and more. Credential stuffing attacks run on the assumption that people reuse their usernames and passwords across various platforms and attackers leverage stolen credentials and malicious bots to get unauthorised access to user accounts. Phishing occurs when hackers deceive people into revealing their credentials with the help of fake links and fake websites that look similar to legitimate ones.

Sid Pisharoti, Regional VP, India & SEA region at Akamai, says, “Akamai is an important player in the global gaming ecosystem, having worked with the leading gaming companies in the world. Over the last two years, we have seen massive amounts of traffic and spikes in the gaming vertical globally with millions of users accessing these gaming platforms at once. Per our recent SOTI gaming report, cyberattacks across web attacks, credential stuffing attacks, bot attacks and DDoS attacks, were up by several folds.”

In the case of web applications, the most common attack is through the structured query language injection (SQLi) technique — making up 59% of cyberattacks from January through December 2020 — where a malicious SQL code is inserted at the backend for database manipulation. As a result, hackers gain access to information that was not intended to be made public.

Following SQLIs, the next most common attacks are local file inclusion (LFI) attacks, accounting for 24% of the attacks in the gaming industry alone. Through LFI, an attacker can deceive a web application into exposing or running files on the web server, leading to information exposure, remote code execution, and more.

Deepa Parikh, head of solutions engineering, India at Akamai, elaborated, “From Akamai’s purview, we see that gaming companies prioritise on three major areas — faster, reliable delivery of game and/or asset bundles to end users, improved end-user experience, and securing the app, in-game purchases, and APIs. Mostly, the end-user experience is enabled by efficient caching and/or acceleration of APIs (such as scorecard API, leaderboard API).”

She further added, “Securing the app is necessary to ensure your game is always available and protected against vulnerabilities such as bot attacks, SQLi, LFi, credential abuse and DDoS attacks, gateway attacks,and login/OTP API attacks. With the growth of malware (like Badr) and ransomware threats (like Syrk), it is also critical to secure workforce machines by securing the endpoints against such zero-day attacks.”

Akamai’s estimates further revealed that DDoS attacks fell by nearly 20% in CY20, but attacks against the gaming industry accounted for 46% of the DDoS traffic observed last year.

Specifically in India, security experts revealed that since the first announcement of the lockdown, cybersecurity attacks and breaches may have increased to as much as 500% by June 2020 — with phishing being the most common of them all. Additionally, internet services providers in the country revealed that cyberattack alerts from corporate clients were received almost every alternate day.

“The approach to countering cyberattacks for gaming platforms should be proactive and not reactive,” said Akash Singh, product manager at WinZO.

He further explained that at WinZo the team implements comprehensive AI/ML algorithms on the platform to analyse user activity patterns from the moment a user downloads their app. Based on these checks — which run on hundreds of parameters — the platform is able to identify potential threats. 

“We are a data- and tech-driven business, hence executing data-backed measures and latest/modern technological solutions are second nature to our operations. We also partner with third-party service providers to ensure optimal security of our platform from potential threats,” he added.

For businesses such as Octro and Baazi Games, the internal tools, processes, and frameworks that prevent SQLi and LFI attacks have worked to their benefit. Avneet Rana, Director of Technology, Baazi Games, explained, “Every build we code is run through stringent security assessments before deployment and our platform is constantly penetration-tested for any vulnerabilities. Our private subnets ensure the utmost confidentiality for user data and the high availability of Web Application Firewalls secures our platform against DoS and DDoS attacks while ensuring zero downtime.”

Mitesh Jain, regional sales director at Akamai, said “Gaming companies need to incorporate cybersecurity into their strategy from day one as it is an important component of player experience. Akamai has been working with leading gaming companies in the Indian sub-continent to secure and deliver player experiences. Our focus is to empower the thriving gaming ecosystem in India and help accelerate its growth. We work with gaming companies of varied genres, sizes, and stages of growth and help mitigate the attacks and threats that these companies are facing.” 

 Charting A Scalable And Secure Future

India’s gaming industry is set to become a $3 Bn market by 2023, up from the current $1.2 Bn, with the growth being possibly dominated by players such as Dream11, the country’s first gaming unicorn, Mobile Premier League (from the soonicorn club), Nazara (from the IPO club), and many more.

Inc42’s recent analysis revealed that hyper-casual games would drive the growth of the gaming segment in India as users prefer to play board games on mobiles. Moreover, fantasy games and the rummy market (real-money game) could also see a massive uptick despite some legal hurdles in certain states. Cloud gaming could be another trend set to prevail for the next 10 years, and startups are already experimenting with some unique ideas.

In spite of several challenges, gaming startups in India are confident of the sector’s growth. Dinesh Arora, senior VP, marketing at Spartan Poker, a Mumbai-based online poker platform, told Inc42, “While there was a jump in the market when the lockdown was initiated, by late November, the market had stabilised. I don’t think that the market will go down from where we are right now. We have good enough interest, and millennials have also started taking a keen interest in poker. So, I believe the market is still going to grow from here.”

Per our analysis, this business growth is also likely to lead to heightened cyberthreats and security-related challenges for companies in the segment.

Gaming companies have a big responsibility to ensure that they keep up with the ever-evolving threat landscape by deploying state-of-the-art security measures closest to the users and attackers to mitigate any potential risk right at the edge without compromising on the experience they deliver to the players.

Note: We at Inc42 take our ethics very seriously. More information about it can be found here.

Inc42 Daily Brief

Stay Ahead With Daily News & Analysis on India’s Tech & Startup Economy

Recommended Stories for You