Data Breach Lessons from MGM and Caesars: Protection Strategies
Hackers have grown increasingly brazen, aiming at high-profile companies like MGM Resorts and Caesars Entertainment in Las Vegas. These events present a clear need to examine the alarming rise of business-related cybercrime and discuss how companies can safeguard themselves against prolonged downtime while adding an extra layer of protection using business continuity software like Preparis Planner.
MGM Resorts and Caesars Entertainment: Victims Despite Preparedness
Cyber technology experts have commended MGM Resorts International and Caesars Entertainment for their proactive approach to safeguarding their operations against the ever-present threat of a security breach. These giants of the Las Vegas Strip, boasting a combined total of 16 resorts, made substantial investments in technology and diligently adhered to regulatory frameworks. They implemented a plethora of cyber protections, protocols, and security measures, leaving no stone unturned in their quest for cybersecurity. Yet, even with these precautions in place, they found themselves victimized by relentless cybercriminals.
The High Cost of Inadequate Data Protection
One of the most distressing aspects of these data breaches is their devastating impact on the affected businesses and their customers. MGM and Caesars now face class-action lawsuits for alleged failure to protect their customers' data adequately. Rebuilding trust with existing and future customers is an onerous task that both companies must now navigate.
Jefferies Gaming analyst David Katz recently estimated that MGM Resorts International was hemorrhaging 10-20% of its daily revenue due to the breach. The actual number reported by MGM once the breach was resolved totaled roughly $100 million. This staggering financial loss demonstrates a data breach's immediate and tangible consequences on a business's bottom line. Such losses can lead to a host of long-term issues, from decreased stock value to compromised customer loyalty.
Paying the Price: Ransoms and Stolen Data
Days before MGM's computer systems fell victim to a cyberattack; Caesars Entertainment reluctantly paid a staggering $15 million ransom to a cybercrime group that successfully infiltrated and disrupted its systems. This cybercriminal organization initially demanded a $30 million ransom, revealing their audacity and expertise in extortion. Caesars ultimately agreed to pay roughly half of the demanded sum, highlighting the desperate measures that companies may resort to when facing the aftermath of a data breach.
Adding to the horrors of these breaches, hackers managed to steal Social Security numbers and driver's license numbers from a "significant number" of loyalty program customers of Caesars Entertainment. This chilling revelation underscores the deeply personal and far-reaching consequences of data breaches on individuals.
The Soaring Threat of Business-Related Cybercrime
The disclosure of these breaches coincided with a concerning global trend. According to a report from the World Economic Forum, cyberattacks spiked by a jaw-dropping 156% in the second quarter of 2023 compared to the first three months of the year. Notably, the attack on Caesars occurred weeks before the assault on MGM Resorts, which has since wreaked havoc on MGM's operations. The fallout has forced guests to endure long check-in wait times and crippled electronic payments, digital key cards, slot machines, ATMs, and paid parking systems. The company's website and mobile app had been rendered inaccessible for nearly four days.
Protecting Your Business and Customers: A Vital Imperative
As evidenced in these cases, the preferred tactic for ransom-seeking cybercriminals involves using social engineering to infiltrate a company's IT systems. They excel at manipulating individuals within organizations, gaining unauthorized access with alarming ease. For instance, the hackers in this case reportedly boasted that it took a mere 10 minutes to breach MGM's system after identifying an MGM tech employee on LinkedIn and contacting the company's support desk. Then, the hackers managed to infiltrate Caesars' system by deceiving an employee at a third-party vendor.
Compared to Caesars Entertainment, MGM Resorts International has chosen not to pay the ransom demands. This decision aligns with the FBI's counsel against paying ransoms, as doing so offers no guarantee of retrieving stolen data and can incentivize cybercriminals to target more victims.
Investing in Protection: The Way Forward
The global average cost of a data breach in 2023 was a staggering $4.45 million, reflecting a 15% increase over the past three years. This financial toll underscores businesses' need to invest in robust cybersecurity measures and data protection.
In response to breaches, 51% of organizations plan to increase their security investments. These investments encompass incident response (IR) planning and testing, employee training, and adopting advanced threat detection and response tools. These proactive measures are critical for mitigating the risk of future breaches and ensuring swift, effective responses when breaches occur.
Additionally, businesses should consider partnering with continuity planning services like Preparis. These services offer a lifeline in the event of a breach, enabling companies to swiftly recover critical data, minimize downtime, and continue serving their customers without disruption.
The recent data breaches at MGM Resorts and Caesars Entertainment serve as a chilling reminder of the escalating threat of business-related cybercrime. Protecting your business and your customers from the catastrophic consequences of data breaches is no longer a choice—it's an imperative. Proactive measures, including robust cybersecurity, employee training, and continuity plans, are essential components of a comprehensive defense strategy. By taking these steps, businesses can fortify their resilience in the face of cyber threats, safeguard their customers' trust, and ensure their continued success in a digital world fraught with peril.