4 Ways IT Teams Can Secure the Future of Esports in Education
Electronic sports, better known as esports, is a massive industry. As
of 2022, 532
million people watched video gaming events worldwide.
Schools are
continuing
to integrate esports into afterschool programs and
team sports, and based on the data around players, it's not
surprising. But the growth of esports is also attracting an
undesirable element — hackers. Since students are less
aware of potential cyber risks, bad actors are
increasingly targeting esports accounts to steal personally
identifiable information (PII) and wreak havoc on other systems on
school networks.
As threats and
attacks are expected to increase, schools must find ways to better
secure their esports environment and protect up-and-coming esports
players. Let's take a look at their options.
-
Network
segmentation
Esports streaming
platforms are typically cloud-based applications. But when schools
add them to their networks, they lose insight into potential
vulnerabilities lurking in the ecosystem. In addition, they must
trust the esports software provider to handle remediation actions
promptly.
Segregating the
esports gaming lab from the school's main network infrastructure is
one way to address this challenge. Ideally, the lab should have its
own firewall and virtual private network (VPN). It's also a good idea
to investigate network segmentation.
Whenever an
unidentified IP address attempts to log in to a VPN, network
segmentation will immediately contain it within the lab so that it
cannot spread laterally.
Technologies such
as software-defined networking (SDN) simplify this process by making
it easier to specify permissions to quickly enforce segmentation at
scale, even across hybrid IT deployments where a school's IT
infrastructure straddles the cloud and on-premises. SDN also eases
the process of collecting data from the network to detect traffic
anomalies that could indicate malicious activity.
-
Automate
patch management
Systems that are
unpatched are a common point of access for bad actors and are a
leading source of software vendor-based cyberattacks. But as a school
district's digital footprint grows, keeping software up-to-date and
protected against hacks is no easy task.
According
to IDC, only
49% of organizations rapidly deploy patches and updates, and only 12%
patch in real-time.
One option for
overcoming this challenge is to automate security patch management.
Instead of manually checking for updates and applying them across the
infrastructure, automation can detect and deploy critical third-party
software patches as they are released, apply them promptly (or IT
pros can choose which updates they want to install), and then track
which systems were patched and when.
-
Understand
the esports software provider's security posture
When possible,
school districts should also work with software vendors, like esports
platform providers, to understand their security practices and
posture throughout the vendor lifecycle.
Before onboarding
and during regular security assessments, IT and security teams should
ask the following questions:
-
How does the
vendor secure software code?
-
Do they
adhere to NIST's
Secure Software Development Framework (SSDF)?
-
Do they use
DevSecOps and automation within the software development process?
-
What
policies and practices are in place to prevent malicious or
vulnerable software from entering the supply chain?
-
How do they
monitor risk in their supply chain?
-
If a breach
occurs, what is their process for notifying customers?
In addition,
schools should take responsibility to continuously assess and monitor
the esports vendor's security program for the life of the
relationship.
-
Ensure
esports students and teams are "cyber aware"
While the general
hacking community is often perceived as the most significant cyber
threat to schools, most cyber incidents in education are caused
by students or staff — whether accidentally or
intentionally.
As schools ramp
up their esports programs, they must work to build a culture of
security and ensure that all participants are cyber-aware. Simple
security hygiene practices that can reduce cyber risk include not
sharing passwords, requiring students to sign in using their real
names rather than aliases, knowing how to block and report a
cyberbully, and recognizing
phishing emails.
For everyone's
sake, securing esports must be a priority for schools
Esports presents
huge opportunities for children to learn new skills, problem solve,
collaborate, decrease stress and anxiety, and improve their grades.
But school districts must move quickly to secure the environment and
bring safety to esports — without impacting the game's performance
or over-burdening security teams.