The MGM Cyberattack: A Cautionary Tale on Business Systems Security and Safety

In the fast-paced digital landscape of the 21st century, cybersecurity has become a paramount concern for businesses of all sizes and industries. The recent cyberattack on MGM Resorts International serves as a stark reminder of the critical importance of robust security measures to safeguard sensitive data and maintain business continuity. How could this happen to the largest casino company in Las Vegas and one of the most influential entertainment entities in the world? And what can you do to make sure it never happens to you?

Cyber Warfare Unleashed

On the surface, MGM Resorts International may be synonymous with luxury hotels and resorts, but behind the scenes, it’s a massive conglomerate with an intricate web of interconnected business systems, like any other large worldwide business. These systems include guest reservations, financial transactions, and personal data storage, making them a tempting target for cybercriminals.

This particular attack appears to have been launched by a hacker group known as ALPHV or Scattered Spider, who reportedly defeated MGM’s system via social engineering after a member of the group called the MGM Grand Help Desk and surreptitiously gathered data during the 10-minute conversation. Once ALPHV had what they needed, they gained access to the system and instigated a cascade of errors, including website and reservation system outages, possible data breaches, deactivated slot machines, and a mad scramble on MGM’s part to contain the damage.

As with many contemporary hacking attempts, the MGM operation was quickly discovered to be a ‘ransomware’ attack, in which ALPHV demanded cash in exchange for releasing full system control back to MGM. This offer appears to have been refused, thus the attack. In addition, it has now come to light that the same group may have first targeted MGM’s Las Vegas neighbor Caesars, the largest casino company in the world, who reportedly paid the group $15 million to stand down. This coordinated effort on the part of bad actors is a stark reminder that even the most prominent, sophisticated, and assumedly prepared businesses are not immune to cyber threats.

The Real Cost of a Cyberattack

Although MGM representatives have stressed that customers’ personal data was never at risk, industry insiders say that the full scale of damages to MGM’s bottom line will take some time to assess but is comfortably in the tens of millions of dollars, if not higher. While the full extent of the financial damage has yet to be disclosed, the reputational harm alone to MGM could be catastrophic. Trust is a precious commodity in the business world, and when a company’s security is compromised, it erodes the confidence of customers, partners, and investors. Indeed, MGM’s stock saw a marked decline in the days following the breach.

Furthermore, the legal ramifications of a data breach are potentially extensive, and MGM is sure to face scrutiny over the true strength of its security systems. Only time will tell if MGM might face legal trouble from this cyberattack to add to its financial woes. Data protection laws and regulations are becoming increasingly stringent worldwide, and failing to adequately protect customer data can result in substantial fines and lawsuits, which can further erode a company’s bottom line.

The Role of Business Systems Security

The MGM cyberattack highlights the critical importance of business systems security, from the largest corporation to the smallest mom-and-pop store. These systems are the backbone of modern organizations, enabling them to operate efficiently, serve customers effectively, and manage complex processes. However, they are also the most vulnerable entry points for cybercriminals. Here are some steps that every business owner should take to ensure that their business’ day-to-day operations are safe.

1. Data Protection: The first line of defense against cyber threats is robust data protection measures. Encryption, secure access controls, and regular data backups are essential components of a comprehensive security strategy.
2. Employee Training: Human error is a common entry point for cyberattacks. Phishing emails and hackers pretending to be “from Corporate” can cause a well-meaning employee to mistakenly leave a system unprotected and ripe for attack. Ensuring that employees are well-trained in cybersecurity best practices can help mitigate this risk.
3. Continuous Monitoring: Threats are constantly evolving, and bad actors are always searching for chinks in security systems’ armor. Implementing real-time monitoring and threat detection systems can help identify and address potential issues before they escalate into major breaches.
4. Incident Response Plans: Having a well-defined incident response plan is crucial. It enables organizations to respond swiftly and effectively if and when a cyberattack occurs, minimizing the impact on operations and reputation.

Protect Your Business Systems, Protect Your Customers, Protect Yourself

The MGM cyberattack is a shining example of how important it is that businesses take proactive steps to safeguard their systems and data. Cybersecurity is not a one-time investment – it’s an ongoing process that requires vigilance and adaptation to the evolving threat landscape. In today’s digital age, system security and safety has never been so critically important. No organization is immune to cyber threats, but taking action to protect your business systems and ensure the safety of your data could also protect you from financial and reputational risk down the road.

Your company likely does not have the cybersecurity infrastructure of large companies like MGM, perhaps making you even more vulnerable to potential attacks. It’s common for smaller companies to rely on contractual relationships with vendors and partners to help manage cybersecurity risks. Liability issues surrounding cybersecurity are complex and agreements with both your clients and with third parties involved in your protection efforts need to be carefully structured to minimize your exposure to loss.

If you’re a business owner who has questions about managing your exposure to cyberattacks and minimizing your liability associated with a potential breach, RRS’ Business Law team may be able to help! Contact us today for a free consultation!