Expert Viewpoint

4 Ways IT Teams Can Secure the Future of Esports in Education

• By Brandon Shopp
• 03/15/23

Electronic sports, better known as esports, is a massive industry. As of 2022, 532 million people watched video gaming events worldwide.

Schools are continuing to integrate esports into afterschool programs and team sports, and based on the data around players, it's not surprising. But the growth of esports is also attracting an undesirable element — hackers. Since students are less aware of potential cyber risks, bad actors are increasingly targeting esports accounts to steal personally identifiable information (PII) and wreak havoc on other systems on school networks.

As threats and attacks are expected to increase, schools must find ways to better secure their esports environment and protect up-and-coming esports players. Let's take a look at their options.

1. Network segmentation

Esports streaming platforms are typically cloud-based applications. But when schools add them to their networks, they lose insight into potential vulnerabilities lurking in the ecosystem. In addition, they must trust the esports software provider to handle remediation actions promptly.

Segregating the esports gaming lab from the school's main network infrastructure is one way to address this challenge. Ideally, the lab should have its own firewall and virtual private network (VPN). It's also a good idea to investigate network segmentation.

Whenever an unidentified IP address attempts to log in to a VPN, network segmentation will immediately contain it within the lab so that it cannot spread laterally.

Technologies such as software-defined networking (SDN) simplify this process by making it easier to specify permissions to quickly enforce segmentation at scale, even across hybrid IT deployments where a school's IT infrastructure straddles the cloud and on-premises. SDN also eases the process of collecting data from the network to detect traffic anomalies that could indicate malicious activity.

2. Automate patch management

Systems that are unpatched are a common point of access for bad actors and are a leading source of software vendor-based cyberattacks. But as a school district's digital footprint grows, keeping software up-to-date and protected against hacks is no easy task. According to IDC, only 49% of organizations rapidly deploy patches and updates, and only 12% patch in real-time.

One option for overcoming this challenge is to automate security patch management. Instead of manually checking for updates and applying them across the infrastructure, automation can detect and deploy critical third-party software patches as they are released, apply them promptly (or IT pros can choose which updates they want to install), and then track which systems were patched and when.

3. Understand the esports software provider's security posture

When possible, school districts should also work with software vendors, like esports platform providers, to understand their security practices and posture throughout the vendor lifecycle.

Before onboarding and during regular security assessments, IT and security teams should ask the following questions:

• How does the vendor secure software code?

• Do they adhere to NIST's Secure Software Development Framework (SSDF)?

• Do they use DevSecOps and automation within the software development process?

• What policies and practices are in place to prevent malicious or vulnerable software from entering the supply chain?

• How do they monitor risk in their supply chain?

• If a breach occurs, what is their process for notifying customers?

In addition, schools should take responsibility to continuously assess and monitor the esports vendor's security program for the life of the relationship.

4. Ensure esports students and teams are "cyber aware"

While the general hacking community is often perceived as the most significant cyber threat to schools, most cyber incidents in education are caused by students or staff — whether accidentally or intentionally.

As schools ramp up their esports programs, they must work to build a culture of security and ensure that all participants are cyber-aware. Simple security hygiene practices that can reduce cyber risk include not sharing passwords, requiring students to sign in using their real names rather than aliases, knowing how to block and report a cyberbully, and recognizing phishing emails.

For everyone's sake, securing esports must be a priority for schools

Esports presents huge opportunities for children to learn new skills, problem solve, collaborate, decrease stress and anxiety, and improve their grades. But school districts must move quickly to secure the environment and bring safety to esports — without impacting the game's performance or over-burdening security teams.