When the House Doesn’t Win: Key Takeaways from the MGM Las Vegas Breach

Three key lessons every business should learn from the crippling MGM Las Vegas cyber breach of September 2023.
MGM Grand Hotel in Las Vegas

Since putting out an initial statement on September 11, 2023 stating that a “cybersecurity incident” had affected some of their systems, MGM Resorts has seen their share price decline by upwards of 6%, missed out on unknown amounts of potential revenue due to hotel and restaurant reservation systems remaining offline for 3+ days, and have been warned they may see a drop in their Moody credit rating.

A breach that took no more than a 10-minute vishing call on an MGM Help Desk employee (i.e. a phishing attack conducted by phone rather than email) for the attackers to gain the access needed to compromise MGM’s systems will have lasting ripple effects that will cost MGM unpredictable amounts of time and money.

Here are our three key takeaways every business can learn from this major cybersecurity event:
Proper user training around cyber security is a must. 
Your security posture is only as strong as it’s weakest link. MGM’s attackers did not get in by exploiting a vulnerability in their environment, they got in by successfully fooling an MGM Help Desk employee into giving them the access or personal information that they needed. Proper user training against vishing attacks could have prevented this entire incident.
Breaches cost companies much more than just the price of remediation. 
MGM will likely spend millions of dollars in response to this incident as they work to get systems back online and make sure their environment is once again secure, but that won’t be the whole picture. In addition:
  • Share prices have dropped by more than 6%.
  • Assuming MGM has cyber liability insurance, their coverage may get dropped following this incident. At the very least they could expect an increase in their monthly premiums.
  • If Moody makes good on their threat to lower MGM’s credit score, MGM could expect to be offered higher interest rates on future loans until their score recovers.
  • Some of their online reservation systems have been down for 3+ days, losing out on unknown amounts of potential revenue from missed opportunities during that window.
  • MGM will likely have to invest in additional user training to prevent history from repeating itself.

Cyber attacks are a threat to every business in every sector. 
Despite all of the financial resources at MGM’s fingertips, at the end of the day, they were still vulnerable to an attack. Cyber attacks and cyber security are still both relatively new players in the corporate landscape. Both sides are constantly evolving to outsmart the other in a race with no finish line. Is your company even competing? Or is your private data low-hanging fruit waiting to be exploited?

Don't Gamble with Security

Make sure your organization isn’t the next headline. Stay ahead of potential threats with our Free Risk Assessment. Or, if you’re seeking tailored solutions to fortify your defenses against cyber breaches like MGM’s, reach out to us today. Let’s ensure your business remains safe, secure, and out of the spotlight for the wrong reasons.