Securing the future of esports | TMT | Deloitte Netherlands


Securing the Future of Esports

It’s time for this fast-growing industry to invest in its security

With a global audience of more than 440 million people, competitive video gaming is now big business. In the Netherlands, 31% of consumers have watched esports competitions on at least one occasion, while 8% have accessed fee-based content multiple times, according to new research by Deloitte.

In 2019, the League of Legends Worlds and the Fortnite World Cup reached their highest recorded peak viewership to date, with 3.98 and 2.33 million concurrent stream viewers, respectively.  Although the pandemic has prevented organizers from welcoming fans into dedicated venues during 2020, the leading competitions continue to attract vast online audiences.

With a higher profile, comes greater responsibility. In the case of esports, that means ensuring the underlying digital infrastructure – the virtual playing field - is both highly reliable and highly secure. If it isn’t, it will be vulnerable to disruption, the competitions will be tarnished, and the sector's credibility will take a hit. 

Clearly, this fast-growing industry needs to ensure its competitions are as fair and competitive as possible – tournament organizers can’t, for example, let a dedicated denial of service (DDOS) attack interrupt a game and force it to be restarted.  A bad actor could use such attacks to prevent a particular team from winning and give a rival team an opportunity to start over. At the same time, teams need to be careful to ensure their players’ computing systems don’t become infected with malware, which might take the edge off their game or freeze their controls at a crucial moment. According to Dreamhack and ESL, over 50% of all online gamers have been hacked previously.

Know when to co-operate and when to compete

This is an area in which stakeholders from across the sector need to co-operate - securing specific events and their reputation should not be a competitive sport. If one event slips up, the broader reputation of esports suffers.

Event organizers and teams should be working together to protect their young industry from bad actors by sharing best practice and technical solutions that prove to be effective. That would remove the need for every event organizer and team to reinvent the wheel, while reducing the risk of breaches and attacks across the sector. Some of the bigger events in the Netherlands are now collaborating on security, indicating the industry is pursuing this broader agenda.

One of the most effective ways to fend off DDOS attacks is to work with an Internet service provider to employ really fat fibre-optic pipes with enough bandwidth to enable you to absorb both the legitimate traffic and the malicious traffic. With an inspection system in place, the latter can be identified and filtered out, ensuring the esports event goes ahead uninterrupted.

Here in the Netherlands, there are organizations that can provide six gigabit per second Internet connections inboth directions, which is fast enough to enable cloud-based services to “scrub off” any DDOS traffic in real-time.

An inspection system can also be used to warn participants in an esports competition that their machines are communicating to an IP address, or sending out traffic, that is known to be malicious. That could indicate they have been infiltrated by a botnet. However, such monitoring practices may raise privacy concerns, so would need to be agreed with the participants in advance of the event. 

Always-on protection of players’ equipment

In any case, esports teams themselves need to have robust processes in place to ensure players’ computers are continuously protected. Having malware on your system while you're playing a fast-paced game could slow down your machine’s responsiveness – even a few milliseconds lag could cost a player dear in a competition. 

Although the bigger esports teams provide hardware to their players, smaller teams will have members playing at home using their own hardware connected to their own internet connection, raising the security risks. In effect, a team needs to take the same approach as the IT function of a large business, insisting staff follow security protocols and processes while working from home. 

Today, Dutch law prohibits people from gambling on the outcome of esports competitions. However, there are some calls to remove these restrictions. If that happens, there will be a stronger motivation for bad actors to disrupt esports events, changing the threat landscape and further increasing the risk for events organizers and participating teams. 

Security breaches or no security breaches, there is always the risk that an Internet connection will fail at a critical moment.  In case that happens, tournament organisers need a plan B. There was a time when an esports competition could switch to a local network, if its Internet connection faltered. That would be unthinkable now – the scale and complexity of these events mean players generally need to be connected to powerful data centres in the public cloud. An alternative approach would be to install a data centre on site at the venue, but that is a very expensive proposition and the owner of the game franchise is unlikely to want to put their intellectual property in a place where it could be hacked.

In summary, the burgeoning esports industry can’t afford to play it fast and loose. The sector needs to invest in secure infrastructure, as if its future depended on it, because it does. Disruption to events and teams will undermine credibility, prompting sponsors and spectators to go elsewhere. 

Next steps

Please feel free / get in touch with us to discuss the arising opportunities within the esports ecosystem.

Did you find this useful?