With recent consolidations and acquisitions, online gaming and gambling has become a $40 billion industry. Operators often negotiate complex compliance, business and financial agreements. Security concerns are on the rise as online gambling and sports betting site operators come under increased pressure to have their sites always available. To add to their unique challenges, most online gaming and gambling sites operate unsecured proprietary, non-HTTPS custom protocols, frequently leaving them vulnerable to DDoS attacks.
This infographic provides a quick snapshot of the online gaming and gambling landscape and its unique security challenges.
On the Attack
DDoS attacks are getting larger and more frequent, with almost half of the existing online gaming and gambling companies having been attacked. Apart from typical extortion threats all online businesses face, online gambling is particularly susceptible to attacks from competitors. Technology advancements have greatly lowered the financial threshold, making it easier to hire hackers to launch a DDoS attacks.
Slowing Sites for Gain
Online gaming is sensitive to latency—especially sports betting sites where transactions are made in real-time. A slight slowdown in site performance usually results in visitors and gamers moving to a competitor’s site to complete their game.
Because of predictable rush hours, which run the full range of sporting events and holiday weekends, online gaming sites are even more exposed to compromised performance during these periods. Just a little latency is all it takes to slow gaming.
“E-commerce events are busy times. With online gambling sites in particular, it’s like experiencing Cyber Monday—several times a year,” says Nabeel Saeed, product manager at Imperva Incapsula. “A half-second delay renders a site unusable, unlike shopping where the tolerance for imperceptible delays may not make or break a sale.”
One Kind of Defense
Securing gaming network traffic is one way to protect sites from attacks. With our Infrastructure Protection in place, once a DDoS attack is detected, all traffic to the gaming server is re-routed via BGP announcements to Incapsula’s global network of scrubbing servers. All incoming network traffic is inspected and filtered, and only legitimate traffic is securely forwarded to the gaming network via GRE tunneling. The key benefit of this approach is that during a DDoS attack all traffic is scrubbed before it reaches your server. This means that you don’t pay for unwanted traffic, or risk getting null-routed by your ISP.
To learn more about online gaming security, view a recording of our recent webinar, “Protect Gaming and Betting Sites from Downtime.”