
Cybersecurity

Cybersecurity – In a few words, we could define “cybersecurity” as an activity that aims to guarantee security over the internet. Going beyond this definition, we can draw on the International Organization for Standardization (ISO) and its standard ISO 27032:2023, in which “cybersecurity” is defined as “safeguarding people, society, organizations and nations from cyber risks”[1]. In this definition, the word “cyber” is usually connected with the idea of electronic communication networks such as the internet[2].

For all of this, we refer to cybersecurity as a branch of computer science that aims to protect something from the threats associated with the use of the internet. So the important thing here is to identify the risks involved and the target to be protected.

Regarding the types of risk, it is crucial to identify what you would like to protect. Even so, the answer to this question isn’t easy, especially because it changes over time.

The evolution of technology and the growth of ICT infrastructures have brought us risks, knowledge, and methods that years ago we could not even imagine. At the beginning of the internet era, nobody cared about things like passwords, capacity, or exploits. Nowadays, however, anything located on the internet is exposed to that kind of “bad” thing, because there are multiple ways to exploit it with hardly any economic investment. For all this, cybersecurity is a science in continuous renewal, since how to protect your information has to be relearned periodically.

However, if we had to say what the current threats are that cybersecurity needs to fight against, we can draw on the European Union Agency for Cybersecurity (ENISA). In its annual “ENISA Threat Landscape”, this European agency tries to identify the principal cybersecurity threats that have stood out in recent times. According to its latest edition, of 19th October 2023, there are currently 8 prime digital threats[3]:

  • 1) Ransomware;
  • 2) Malware;
  • 3) Social engineering;
  • 4) Threats against data;
  • 5) Threats against availability: Denial of Service;
  • 6) Threats against availability: Internet threats;
  • 7) Information manipulation and interference; and,
  • 8) Supply chain attacks.

These threats seek to cause different effects, have various purposes, and respond to different techniques, tactics and procedures. However, they always have something in common: the negative effect on a computer system (software, hardware, communication network, etc.). A negative impact caused by whom? Here we find that the range of options expands.

The entities or individuals who aim to conduct malicious acts by taking advantage of existing vulnerabilities, with the intention of harming their victims, differ in every business, sector and country. Cyber threat actors (ultimately cybercriminals, if they commit any crime) include state-nexus groups, hackers-for-hire from business competitors, and hacktivists, who regardless of motivation or agenda can be triggered into action by these events. At times, it could even be a mix of all of them. The only thing that we can know for sure is that their intention is to negatively affect the systems of a certain stakeholder.

Accordingly, what do these threat actors want to attack? Sometimes they want to obtain confidential information from a victim, other times to disable their services. Everything will depend on the type of stakeholder and their possibilities. If we look at electronic sports, we will see that there are different assets depending on the type of stakeholder.

From the point of view of a “publisher”, threat actors would probably be interested in attacking its most important asset: the video game (or its intellectual property). Thus, if the game is online, they probably want to affect its availability, ensuring that it is not regularly operational or making it difficult for players to use. Or perhaps, if the video game is still in development, what they could want is to affect the confidentiality of the source code by leaking or altering it without permission.

From the point of view of a competition organizer (or the publisher itself, if it adopts this position), threat actors may be interested in changing the game code or functionalities during a competition in order to benefit a certain team or player. This will have direct consequences for one specific competition, and also for the esports ecosystem itself. After all, if we cannot manage those types of attacks, we cannot guarantee the integrity of the competition.

Finally, from the point of view of players and teams, we will see that their most vulnerable point is their game accounts. If someone were to gain unauthorized access to them, it could directly impact their settings configuration, rank level or even competitive performance. These accounts have become an important asset for the clubs (since their players’ accounts are essential to carrying out their activity), but mostly for the players who are hacked, who could see their personal data affected at a level of detail that they cannot even imagine.

To sum up, if we do not protect the cybersecurity of the services related to a competition (in person or online), its integrity could be affected, eliminating the feeling of chance that really justifies the existence of the competition.


[1] ISO 27032:2023: ISO, “Information technology — Security techniques — Guidelines for cybersecurity,” ISO/IEC 27032:2012. Available at: https://www.iso.org/obp/ui/#iso:std:iso-iec:27032:ed-2:v1:en (last visited 07th March 2024).

[2] Definition of “cyber” from Oxford Learner’s Dictionaries:

Oxford Learner’s Dictionaries, “Cyber”. Available at: https://www.oxfordlearnersdictionaries.com/definition/english/cyber#:~:text=%2Fsa%C9%AAb%C9%99r%2F,communication%20networks%2C%20especially%20the%20internet (last visited 07th March 2024).

[3] ENISA Threat Landscape 2023:

European Union Agency for Cybersecurity (ENISA), “ENISA Threat Landscape 2023”. Available at: https://www.enisa.europa.eu/publications/enisa-threat-landscape-2023 (last visited 07th March 2024).

Author

  • Alex Barbarà

    Established as a lawyer in Barcelona, I am specialized in data protection and information security, and I have always seen esports as my third way of specialization. I started as a consultant for amateur or semi-professional teams, players, or even streamers, trying to give advice and solutions to the habitual legal problems of those stakeholders. This was in a context where it seemed that no possible legal solutions could be applied, but people wanted things to be done well. This led me to publish a blog where I could share all my thoughts or solutions to those problems to help the growing Spanish ecosystem. I combine these with self-investigations about the international esports scene and its regulation. I am on a spiral of question-answer about how things were done in other countries, which I try to share in my blog with non-canonical texts for the average internet visitor. This led me to my first book, “Sin leyes no hay competición” (No laws, no competition), an insightful discourse on the foundational public regulations of esports and their prospective impacts on forthcoming legislative frameworks. Nowadays, I maintain that same spirit but with different approaches. Recently, I have published some of my specific esports country/legislation context that I titled “El avance de los esports en…” (The advance of esports in…), which I want to be a collaborative text where people help me in my writings. To know more about me, visit: www.alexbarbara.es/
