by Tova Osofsky
Posted on October 4, 2022
Want to interview Tova?Contact
In the wake of what they characterized as a “network intrusion in which an unauthorized third party illegally accessed and downloaded… early development footage for the next Grand Theft Auto,” Rockstar Games wrote that they were “extremely disappointed” that details of their next game, Grand Theft Auto 6 (GTA 6), were shared. While few details are available about the attack, it seems that a hacker breached Rockstar Game’s Slack server and their Confluence wiki.
We’d guess that there’s more than just “disappointment” behind their announcement. When Grand Theft Auto V was introduced almost a decade ago, 11 million copies were sold on the first day of release, generating sales of $1 billion in just the first 3 days following release and instantly recouping the $250 million it cost to make it several times over. GTA V still stands out as the most successful game launch in history and serves as a case study of a successful game launch.
Here’s an analysis of Rockstar’s GTA V marketing strategy from a blog post entitled “Criminally Successful Marketing”:
Rockstar released their first trailer for GTA V 2 years before launch. How many of us would struggle to get sign off for communications that far in advance of a product launch! They understand the power of anticipation and have spent time and money building sizzle slowly. They released a second trailer in November 2012, three more in 2013 accompanied by a TV spot and giant outdoor at trend spots in LA and New York.
They also held an online casting to find five fans to appear in the game. This created a lot of buzz among the die-hard fans and poured fuel on the social media fire already burning… the principle of pre-marketing is important: build desire amongst your earliest adopters to ensure that they a) buy early and b) spread the word.
Given the fact that film studios and gaming companies use pre-release glimpses of content to generate the consumer “buzz” that is so crucial for driving customer interest, why should content leaks, like the one recently experienced by Rockstar, be such a problem? Especially in the run-up to a product release, wouldn’t leaks simply function to enhance buzz, similarly to producer-initiated communications?
To answer that question, let’s take a quick, slightly geeky side trip into what exactly “buzz” is, the role that it plays, and the mechanics of pre-release consumer buzz – PRCB for short. Here’s how it works:
Before a new film or game (or even a device associated with positive social capital, like iPhones) is released, only three types of information are typically available to people who might potentially purchase or engage with the product:
The first type of information is easiest for gaming and film studios to control. They painstakingly create trailers to convey the impressions, images and most importantly, feelings they want to project.
Media, critical and consumer speculation cannot be controlled by the studios, but it can certainly be influenced significantly. Star actors or artists are deployed to fan the flames of anticipation in carefully scripted appearances and interviews on both traditional and specialized gaming media, which are further promoted and excerpted on social media. All these elements are carefully crafted and coordinated to shape the story and – especially – to keep key elements dark and build suspense.
Signals of social salience, the final type of information that’s available to consumers pre-release, are hardest to control, since they depend on, in the words of our academics, “the anticipation that customers experience creating a state of enjoyable discomfort which in turn motivates consumers to pursue vicarious experiences that may provide temporary fulfillment.” In plain English, the activities described above must generate enough excitement, curiosity and anticipation among gamers to motivate them to continue the work that the studios started.
This last step – signaling social salience – is most important since it is most influential. The most active generators of pre-release buzz tend to be innovators that purchase new products immediately upon their release, and who are followed carefully by “imitators,” who base their purchase decisions on innovators’ recommendations.
Protecting the carefully orchestrated sequence of actions that builds anticipation among innovators, and encourages them to create their own buzz around a release, is essential for robust sales both upon release and into the future.
With all this in mind, let’s get back to the question about leaks. There are three primary ways that illicit, uncontrolled leaks can harm gaming studios, reducing revenues and damaging their brands.
Regardless of how a leak kills pre-release buzz, there is no question that the Rockstar cyberattack will do significant – potentially irreparable – harm to the GTA franchise.
In many ways, some obvious and other less so, gaming has built upon the know-how and success of the film industry and in many ways, been more successful. Beyond leveraging IP that film studios develop, the gaming industry has succeeded in creating gripping marketing campaigns and entertainment experiences that engage users for extended periods of time. Especially with new cloud-based business models, the gaming industry generates ongoing revenue streams that film studios can barely match with only their most profitable, licensable franchises.
Yet bafflingly, despite the vulnerabilities to which they’re exposed via online gaming platforms, the gaming industry has failed to adopt – or adapt – the film industry’s tough security stance. For almost half a century, the MPA has pursued initiatives to protect industry content against leaks, copyright infringement, illegal distribution and more recently, cybertheft.
Among the most rigorous requirements of the MPA Best Practices Common Guidelines is their requirement for internet separation. The relevant best practice requires that studios, “Prohibit production network and all systems that process or store digital content from directly accessing the internet, including email.”
In the past, this requirement dictated that creative staff work on workstations that were not internet-connected. In recent years, however, the MPA and its Trusted Partner Network, which is responsible for benchmarking security preparedness, have adopted remote browser isolation (RBI) to keep production content secure from internet-based threats – and threat actors.
RBI protects valuable content by air-gapping user devices from the internet, while liberating creative staff to browse and use email freely. Websites are opened in virtual, cloud-based browsers, and only safe rendering data is sent to users’ regular browsers, where they interact with it just as they would with the native content. No active code from the internet ever reaches user endpoints. Any malicious content, such as data-stealing malware or ransomware within websites that users visit remains in the isolated browser and is destroyed once the user stops interacting with the site, so endpoints are protected.
Ericom’s ZTEdge Web Isolation, powered by RBI, also safeguards valuable content with policy-based control of which sites can be accessed and what content can (and especially, cannot) be shared on specific types of websites or via email. It also protects users against common phishing techniques by opening suspicious or uncategorized websites in read-only mode, preventing theft of unwitting users’ credentials which enable breaches of cloud-based application accounts and data theft.
As the recent GTA6 attack amply demonstrates, insufficient cybersecurity protection can cost gaming studios dearly. To maintain control of their critical marketing programs as well as protecting their valuable content, it is imperative for studios to implement modern, proactive protections like RBI.
To learn more about ZTEdge Web Isolation, contact us today.
Recent cyberattacks combined stolen credentials, social engineering, MFA resets and SSO manipulation in what’s been described as the Ocean’s 11 of the cyber age.
The FBI-led takedown of Qakbot was an operation that involved seven countries. Malware was removed from 700,000 computers. But don’t think all that makes you safe.
Generative AI empowers its users to work fast, better and more efficiently. Alas, this includes cybercriminals, who are using malicious GenAI platforms to accelerate zero-day exploit creation.