How quickly they grow up. From infant prodigy to global phenomenon, Pokémon Go has enjoyed an accelerated growth path that has beefed up parent company Nintendo’s share price by 86% in a matter of weeks. Only now has it hit a particularly difficult moment akin to an unwanted teenage pregnancy - the DDoS attack which saw users unable to access the game on Saturday.
A hacking group called PoodleCorp has claimed responsibility for what it says was a “test” before trying “something on a larger scale soon”. The group has form, having also attacked YouTube teen gaming god PewDiePie and will have been tempted by the props accorded in the hacking community to taking down such a high-profile target.
The big question is whether Nintendo had that chat about being safe which all parents need to face up to with their teenage children. Indeed, the question which hovers over all multi-gamer platforms - and any other cloud-dependent and networked services - is whether cyber-security had a high enough profile from the outset.
Stephen Gates, chief intelligence research analyst at NSFOCUS, a provider of advanced security solutions and DDoS mitigation specialists, notes that: “Organisations that provide this type of online gaming experience must expect to come under the crosshairs of DDoS attackers. A comprehensive plan to defeat DDoS attacks should be implemented before going live!”
Defences using a hybrid of cloud and on-premise cyber-security systems can easily be deployed, says Gates, and should be an obvious component of the product plan. “Online gaming providers must understand that availability is the foundation of the online gaming experience. Take away availability, and so much for the experience,” he says.
This DDoS attack seems to have been more about bragging rights than something more malicious. But there is a very real possibility of companies like Nintendo facing ransom demands with DDoS playing the equivalent of getting a cut-off finger in the post. Taking the proper steps to reduce exposure to such a risk would seem obvious.
So why would a business like Nintendo still find itself open to this type of attack? The reason is probably the same as at Sony Entertainment Network, when its gaming systems were attacked in 2014 leading to embarrassing email leaks and customer and employee data breaches - a failure to take cyber-security seriously enough and make continued investment into technology, as well as absorbing its importance into the company culture.
For senior executives, cyber-security can look like one of those boringly techy subjects which they have to listen to for a few minutes during every board meeting, before moving on to more exciting subjects. Yet the impact on a business of a hack or security breach can be extremely exciting, only in the negative sense - loss of customers, a fall in brand reputation, softening of the share price, even. Those are very grown-up subjects which any board, when birthing an online service, has to give the attention and respect they deserve.